[Syke360]

I have a brand new HP 6720s laptop with Windows Vista Home Basic installed

and within a matter of hours I start to get popups and registry entiries being made from something called MSserver

I have Norton Internet Security (which came with the lappy) also install Spybot search and destroy (Which is picking up the reg edits)

Windows Defender also picks up the problem but it being MS own program it cant fix it.

I have a feeling this is not all i have problem-wise

Here is my Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 01:20:27, on 15/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Syke360\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\geBtSIyW.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll,c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [58004740] rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\vwfwcbot.dll",b
O4 - HKCU\..\Run: [BM5b3374dc] Rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\cuhtxydl.dll",s
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

hope you guys can help

I ran VundoFix also, it found something, but now thats gone

[rmurphy]

Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  -----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    -----------------------------------------------------------
  • Close any open browsers.
    
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  -----------------------------------------------------------
  
• Double click on combofix.exe & follow the prompts.
  
• When finished, it will produce a report for you.
  
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

-Ryan

[Syke360]

Thanks for the help Ryan. I did as instructed.

heres the ComboFix Log

ComboFix 08-06-15.4 - Syke360 2008-06-16 19:13:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.186 [GMT 1:00]
Running from: C:\Users\Syke360\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 18:58 . 2008-06-16 18:59 <DIR> d-------- C:\Windows\LastGood
2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Grisoft
2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Users\All Users\Grisoft
2008-06-15 17:06 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-06-14 23:58 . 2008-06-15 01:26 <DIR> d-------- C:\VundoFix Backups
2008-06-12 19:01 . 2008-06-12 19:01 <DIR> d-------- C:\Users\All Users\LightScribe
2008-06-12 18:47 . 2008-06-12 18:50 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-12 18:47 . 2008-06-12 18:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 18:29 . 2008-06-12 18:29 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-06-12 18:16 . 2008-06-12 18:16 <DIR> d-------- C:\Program Files\Bonjour
2008-06-12 02:50 . 2008-06-12 02:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-12 02:47 . 2008-06-12 18:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 21:03 . 2008-06-12 18:31 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\uTorrent
2008-06-11 21:03 . 2008-06-11 21:03 <DIR> d-------- C:\Program Files\uTorrent
2008-06-11 16:50 . 2008-06-11 16:50 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 16:50 . 2008-06-11 16:50 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-11 16:49 . 2008-06-11 16:49 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-11 16:47 . 2008-06-11 16:47 826,368 --a------ C:\Windows\System32\wininet.dll
2008-06-11 02:10 . 2008-06-11 02:10 16 --a------ C:\Windows\System32\coh.cache
2008-06-11 01:46 . 2007-03-05 08:53 92,032 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-06-11 01:46 . 2007-03-05 08:52 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2008-06-11 01:44 . 2008-06-11 01:44 <DIR> d-------- C:\Program Files\T-Mobile
2008-06-11 01:39 . 2008-06-11 01:39 <DIR> d-------- C:\Program Files\7-Zip
2008-06-11 01:31 . 2008-06-11 01:31 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Roxio
2008-06-10 18:09 . 2008-06-10 18:09 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-06-10 18:09 . 2008-06-10 18:09 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-06-10 18:06 . 2008-06-10 18:06 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-06-10 18:06 . 2008-06-10 18:06 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-06-10 18:06 . 2008-06-10 18:06 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-06-10 18:06 . 2008-06-10 18:06 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-06-10 18:06 . 2008-06-10 18:06 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-06-10 17:58 . 2008-06-10 17:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-10 17:58 . 2008-06-10 17:58 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-06-10 17:58 . 2008-06-10 17:58 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-06-10 17:58 . 2008-06-10 17:58 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-06-10 17:58 . 2008-06-10 17:58 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-06-10 17:58 . 2008-06-10 17:58 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-06-10 17:58 . 2008-06-10 17:58 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-06-10 17:58 . 2008-06-10 17:58 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-06-10 17:58 . 2008-06-10 17:58 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-06-10 17:55 . 2008-06-10 17:55 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-06-10 17:55 . 2008-06-10 17:55 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-06-10 17:55 . 2008-06-10 17:55 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-06-10 17:55 . 2008-06-10 17:55 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-06-10 17:55 . 2008-06-10 17:55 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-06-10 17:51 . 2008-06-10 17:51 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-06-10 17:46 . 2008-06-10 17:46 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-06-10 17:45 . 2008-06-10 17:45 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-06-10 17:45 . 2008-06-10 17:45 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-06-10 17:45 . 2008-06-10 17:45 2,048 --a------ C:\Windows\System32\asferror.dll
2008-06-10 17:43 . 2008-06-10 17:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-06-10 17:42 . 2008-06-10 17:42 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-06-10 17:42 . 2008-06-10 17:42 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-06-10 17:40 . 2008-06-10 17:40 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-06-10 17:39 . 2008-06-10 17:39 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-10 17:39 . 2008-06-10 17:39 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-10 17:39 . 2008-06-10 17:39 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-06-10 17:39 . 2008-06-10 17:39 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-06-10 17:38 . 2008-06-10 17:38 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-06-10 17:38 . 2008-06-10 17:38 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-06-10 17:38 . 2008-06-10 17:38 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-06-10 17:38 . 2008-06-10 17:38 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-06-10 17:38 . 2008-06-10 17:38 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-10 17:35 . 2008-06-10 17:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-10 17:34 . 2008-06-10 17:34 2,048 --a------ C:\Windows\System32\tzres.dll
2008-06-10 01:43 . 2008-06-10 01:43 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-10 01:43 . 2008-06-10 01:43 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-10 01:43 . 2008-06-10 01:43 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-10 01:43 . 2008-06-10 01:43 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-10 01:43 . 2008-06-10 01:43 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-10 01:43 . 2008-06-10 01:43 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-10 01:43 . 2008-06-10 01:43 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-10 01:43 . 2008-06-10 01:43 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-10 01:43 . 2008-06-10 01:43 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-06-09 23:05 . 2008-06-09 23:57 <DIR> d-------- C:\Program Files\Windows Live
2008-06-09 23:05 . 2008-06-09 23:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-09 23:04 . 2008-06-09 23:04 0 --a------ C:\Windows\nsreg.dat
2008-06-09 23:02 . 2008-06-09 23:56 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-06-09 22:55 . 2008-06-09 22:55 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-09 22:48 . 2008-06-10 01:52 <DIR> d-------- C:\World of Warcraft
2008-06-09 21:51 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Searches
2008-06-09 21:51 . 2008-06-09 23:53 <DIR> dr------- C:\Users\Syke360\Contacts
2008-06-09 21:51 . 2008-06-09 21:51 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-06-09 21:48 . 2008-06-09 21:48 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Hewlett-Packard
2008-06-09 21:43 . 2006-11-02 06:09 1,419,232 --a------ C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2008-06-09 21:43 . 2007-06-18 16:12 16,768 --a------ C:\Windows\System32\drivers\HpqKbFiltr.sys
2008-06-09 21:41 . 2008-06-09 21:41 <DIR> d-------- C:\Program Files\Broadcom
2008-06-09 21:41 . 2008-06-09 21:40 3,231,744 --a------ C:\Windows\System32\bcmihvsrv.dll
2008-06-09 21:41 . 2008-06-09 21:40 2,895,872 --a------ C:\Windows\System32\bcmihvui.dll
2008-06-09 21:40 . 2008-06-09 21:40 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Hewlett Packard
2008-06-09 21:40 . 2007-09-14 16:41 1,044,472 --a------ C:\Windows\System32\drivers\BCMWL6.SYS
2008-06-09 21:40 . 2007-09-14 16:41 87,328 --a------ C:\Windows\System32\bcmwlcoi.dll
2008-06-09 21:39 . 2008-06-09 21:39 <DIR> d-------- C:\Program Files\Macrovision Corp
2008-06-09 21:39 . 2002-11-22 02:57 204,800 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-06-09 21:39 . 2002-11-22 02:57 200,704 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-06-09 21:39 . 2002-11-22 02:57 192,512 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-06-09 21:39 . 2002-11-22 02:57 192,512 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-06-09 21:39 . 2002-11-22 02:57 188,416 --a------ C:\Windows\System32\IVIresizePX.dll
2008-06-09 21:39 . 2002-11-22 02:57 20,480 --a------ C:\Windows\System32\IVIresize.dll
2008-06-09 21:37 . 2008-06-09 21:37 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-06-09 21:36 . 2008-06-09 21:36 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\InstallShield
2008-06-09 21:36 . 2008-06-09 21:38 <DIR> d-------- C:\Program Files\InterVideo
2008-06-09 21:36 . 2008-06-09 21:36 0 -rahs---- C:\Windows\System32\drivers\103C_HP_bNB_6720s_Y5336AN_0U_QCNU8152F66_E452408-004_4A_I30D8_SHP_V83.0E_68MDU F.09_T080110_WV2-0_L409_M1015_J80_7Intel_86FA_91.73_#071211_N808610C4_(GB900EA#ABU)_XMOBILE_CN10_
Z_2F.09_G80862A12;80862A13.MRK
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Videos
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Saved Games
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Pictures
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Music
2008-06-09 21:34 . 2008-06-11 01:31 <DIR> dr------- C:\Users\Syke360\Links
2008-06-09 21:34 . 2008-06-12 02:39 <DIR> dr------- C:\Users\Syke360\Downloads
2008-06-09 21:34 . 2008-06-12 02:45 <DIR> dr------- C:\Users\Syke360\Documents
2008-06-09 21:34 . 2008-06-09 21:40 <DIR> d--h----- C:\Users\Syke360\AppData
2008-06-09 21:34 . 2008-06-15 03:09 <DIR> d-------- C:\Users\Syke360
2008-06-09 21:21 . 2008-06-09 21:21 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 17:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-11 16:10 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:47 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-11 15:46 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-11 15:46 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-11 15:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-11 01:03 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-11 01:03 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-11 01:03 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-11 01:03 --------- d-----w C:\Program Files\Symantec
2008-06-10 17:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-10 17:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-10 16:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-10 16:39 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-10 16:39 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-10 16:39 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-10 16:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-09 20:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 20:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 20:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-11 11:49 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll" [2008-06-12 02:46 321536]
"BM5b3374dc"="C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll" [2008-06-16 19:01 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-24 15:44 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-24 15:44 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-24 15:44 129560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 14:14 1183744]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 17:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-10 00:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 19:14 833072]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 22:21 472632]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 01:12 317128]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 18:12 71176]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 12:43 83608]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 16:34 177456]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-06-09 21:36:32 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 2007-06-08 18:04 49152 C:\Windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DE3F1BC4-50BB-4C6F-93EB-A5783DF3426F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4FD25612-206A-40CC-9F88-D9EB657E7AE3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{332F3A3F-9E90-4150-9CE8-AC9437953BD1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4B7AFAB4-C471-4429-9682-133BD01D0917}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080613.002\IDSvix86.sys [2008-06-03 17:55]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-06 07:44]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 17:38]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 13:39]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 15:32]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 08:30]
S3 DAMDrv;DAMDrv;C:\Windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 17:49]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\system32\flcdlock.exe [2007-06-08 18:06]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ff20882-39bc-11dd-b2c7-0021000f229f}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ff20889-39bc-11dd-b2c7-0021000f229f}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2d11681-3738-11dd-ac61-001f29867928}]
\shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - AVGASCLN
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 15:36:20 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Syke360.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 19:20:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Users\Syke360\AppData\Local\Temp\lbrmwlci.dll
-> C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll
-> C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll
.
Completion time: 2008-06-16 19:23:36
ComboFix-quarantined-files.txt 2008-06-16 18:22:50

Pre-Run: 26,940,825,600 bytes free
Post-Run: 26,995,916,800 bytes free

259 --- E O F --- 2008-06-14 22:32:16


AND Heres the New HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 19:27:52, on 16/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Users\Syke360\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll,c
O4 - HKCU\..\Run: [BM5b3374dc] Rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\geBtSIyW.dll,#1
O4 - HKCU\..\Run: [58004740] rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\vwfwcbot.dll",b
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[rmurphy]

Please rename HiJackThis before completing the following directions.

1. Please open Notepad

• Click Start , then Run
  
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote

File::
C:\Users\Syke360\AppData\Local\Temp\lbrmwlci.dll
C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll
C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
  
• A new HijackThis log.

-Ryan

[Syke360]

Heres the New ComboFix Log
ComboFix 08-06-15.4 - Syke360 2008-06-17 16:11:38.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.222 [GMT 1:00]
Running from: C:\Users\Syke360\Desktop\ComboFix.exe
Command switches used :: C:\Users\Syke360\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll
C:\Users\Syke360\AppData\Local\Temp\lbrmwlci.dll
C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll
C:\Users\Syke360\AppData\Local\Temp\lbrmwlci.dll
C:\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Grisoft
2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Users\All Users\Grisoft
2008-06-15 17:06 . 2007-05-30 13:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-06-14 23:58 . 2008-06-15 01:26 <DIR> d-------- C:\VundoFix Backups
2008-06-12 19:01 . 2008-06-12 19:01 <DIR> d-------- C:\Users\All Users\LightScribe
2008-06-12 18:47 . 2008-06-12 18:50 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-12 18:47 . 2008-06-12 18:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-12 18:29 . 2008-06-12 18:29 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-06-12 18:16 . 2008-06-12 18:16 <DIR> d-------- C:\Program Files\Bonjour
2008-06-12 02:50 . 2008-06-12 02:50 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-12 02:47 . 2008-06-12 18:16 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-11 21:03 . 2008-06-12 18:31 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\uTorrent
2008-06-11 21:03 . 2008-06-11 21:03 <DIR> d-------- C:\Program Files\uTorrent
2008-06-11 16:50 . 2008-06-11 16:50 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 16:50 . 2008-06-11 16:50 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-11 16:49 . 2008-06-11 16:49 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-11 16:47 . 2008-06-11 16:47 826,368 --a------ C:\Windows\System32\wininet.dll
2008-06-11 02:10 . 2008-06-11 02:10 16 --a------ C:\Windows\System32\coh.cache
2008-06-11 01:46 . 2007-03-05 08:53 92,032 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-06-11 01:46 . 2007-03-05 08:52 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2008-06-11 01:44 . 2008-06-11 01:44 <DIR> d-------- C:\Program Files\T-Mobile
2008-06-11 01:39 . 2008-06-11 01:39 <DIR> d-------- C:\Program Files\7-Zip
2008-06-11 01:31 . 2008-06-11 01:31 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Roxio
2008-06-10 18:09 . 2008-06-10 18:09 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-06-10 18:09 . 2008-06-10 18:09 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-06-10 18:06 . 2008-06-10 18:06 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-06-10 18:06 . 2008-06-10 18:06 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-06-10 18:06 . 2008-06-10 18:06 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-06-10 18:06 . 2008-06-10 18:06 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-06-10 18:06 . 2008-06-10 18:06 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-06-10 17:58 . 2008-06-10 17:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-10 17:58 . 2008-06-10 17:58 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-06-10 17:58 . 2008-06-10 17:58 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-06-10 17:58 . 2008-06-10 17:58 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-06-10 17:58 . 2008-06-10 17:58 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-06-10 17:58 . 2008-06-10 17:58 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-06-10 17:58 . 2008-06-10 17:58 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-06-10 17:58 . 2008-06-10 17:58 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-06-10 17:58 . 2008-06-10 17:58 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-06-10 17:55 . 2008-06-10 17:55 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-06-10 17:55 . 2008-06-10 17:55 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-06-10 17:55 . 2008-06-10 17:55 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-06-10 17:55 . 2008-06-10 17:55 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-06-10 17:55 . 2008-06-10 17:55 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-06-10 17:51 . 2008-06-10 17:51 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-06-10 17:46 . 2008-06-10 17:46 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-06-10 17:45 . 2008-06-10 17:45 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-06-10 17:45 . 2008-06-10 17:45 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-06-10 17:45 . 2008-06-10 17:45 2,048 --a------ C:\Windows\System32\asferror.dll
2008-06-10 17:43 . 2008-06-10 17:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-06-10 17:42 . 2008-06-10 17:42 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-06-10 17:42 . 2008-06-10 17:42 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-06-10 17:40 . 2008-06-10 17:40 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-06-10 17:39 . 2008-06-10 17:39 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-10 17:39 . 2008-06-10 17:39 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-10 17:39 . 2008-06-10 17:39 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-06-10 17:39 . 2008-06-10 17:39 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-06-10 17:38 . 2008-06-10 17:38 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-06-10 17:38 . 2008-06-10 17:38 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-06-10 17:38 . 2008-06-10 17:38 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-06-10 17:38 . 2008-06-10 17:38 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-06-10 17:38 . 2008-06-10 17:38 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-10 17:35 . 2008-06-10 17:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-10 17:34 . 2008-06-10 17:34 2,048 --a------ C:\Windows\System32\tzres.dll
2008-06-10 01:43 . 2008-06-10 01:43 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-06-10 01:43 . 2008-06-10 01:43 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-06-10 01:43 . 2008-06-10 01:43 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-06-10 01:43 . 2008-06-10 01:43 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-06-10 01:43 . 2008-06-10 01:43 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-06-10 01:43 . 2008-06-10 01:43 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-06-10 01:43 . 2008-06-10 01:43 43,352 --a------ C:\Windows\System32\wups2.dll
2008-06-10 01:43 . 2008-06-10 01:43 33,624 --a------ C:\Windows\System32\wups.dll
2008-06-10 01:43 . 2008-06-10 01:43 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-06-09 23:05 . 2008-06-09 23:57 <DIR> d-------- C:\Program Files\Windows Live
2008-06-09 23:05 . 2008-06-09 23:57 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-09 23:04 . 2008-06-09 23:04 0 --a------ C:\Windows\nsreg.dat
2008-06-09 23:02 . 2008-06-09 23:56 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-06-09 22:55 . 2008-06-09 22:55 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-09 22:48 . 2008-06-10 01:52 <DIR> d-------- C:\World of Warcraft
2008-06-09 21:51 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Searches
2008-06-09 21:51 . 2008-06-16 20:43 <DIR> dr------- C:\Users\Syke360\Contacts
2008-06-09 21:51 . 2008-06-09 21:51 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-06-09 21:48 . 2008-06-09 21:48 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Hewlett-Packard
2008-06-09 21:43 . 2006-11-02 06:09 1,419,232 --a------ C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2008-06-09 21:43 . 2007-06-18 16:12 16,768 --a------ C:\Windows\System32\drivers\HpqKbFiltr.sys
2008-06-09 21:41 . 2008-06-09 21:41 <DIR> d-------- C:\Program Files\Broadcom
2008-06-09 21:41 . 2008-06-09 21:40 3,231,744 --a------ C:\Windows\System32\bcmihvsrv.dll
2008-06-09 21:41 . 2008-06-09 21:40 2,895,872 --a------ C:\Windows\System32\bcmihvui.dll
2008-06-09 21:40 . 2008-06-09 21:40 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\Hewlett Packard
2008-06-09 21:40 . 2007-09-14 16:41 1,044,472 --a------ C:\Windows\System32\drivers\BCMWL6.SYS
2008-06-09 21:40 . 2007-09-14 16:41 87,328 --a------ C:\Windows\System32\bcmwlcoi.dll
2008-06-09 21:39 . 2008-06-09 21:39 <DIR> d-------- C:\Program Files\Macrovision Corp
2008-06-09 21:39 . 2002-11-22 02:57 204,800 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-06-09 21:39 . 2002-11-22 02:57 200,704 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-06-09 21:39 . 2002-11-22 02:57 192,512 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-06-09 21:39 . 2002-11-22 02:57 192,512 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-06-09 21:39 . 2002-11-22 02:57 188,416 --a------ C:\Windows\System32\IVIresizePX.dll
2008-06-09 21:39 . 2002-11-22 02:57 20,480 --a------ C:\Windows\System32\IVIresize.dll
2008-06-09 21:37 . 2008-06-09 21:37 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-06-09 21:36 . 2008-06-09 21:36 <DIR> d-------- C:\Users\Syke360\AppData\Roaming\InstallShield
2008-06-09 21:36 . 2008-06-09 21:38 <DIR> d-------- C:\Program Files\InterVideo
2008-06-09 21:36 . 2008-06-09 21:36 0 -rahs---- C:\Windows\System32\drivers\103C_HP_bNB_6720s_Y5336AN_0U_QCNU8152F66_E452408-004_4A_I30D8_SHP_V83.0E_68MDU F.09_T080110_WV2-0_L409_M1015_J80_7Intel_86FA_91.73_#071211_N808610C4_(GB900EA#ABU)_XMOBILE_CN10_
Z_2F.09_G80862A12;80862A13.MRK
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Videos
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Saved Games
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Pictures
2008-06-09 21:34 . 2008-06-09 21:51 <DIR> dr------- C:\Users\Syke360\Music
2008-06-09 21:34 . 2008-06-11 01:31 <DIR> dr------- C:\Users\Syke360\Links
2008-06-09 21:34 . 2008-06-12 02:39 <DIR> dr------- C:\Users\Syke360\Downloads
2008-06-09 21:34 . 2008-06-12 02:45 <DIR> dr------- C:\Users\Syke360\Documents
2008-06-09 21:34 . 2008-06-09 21:40 <DIR> d--h----- C:\Users\Syke360\AppData
2008-06-09 21:34 . 2008-06-15 03:09 <DIR> d-------- C:\Users\Syke360
2008-06-09 21:21 . 2008-06-09 21:21 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 17:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-11 16:10 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 15:47 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-11 15:46 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-11 15:46 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-11 15:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-11 01:03 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-11 01:03 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-11 01:03 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-11 01:03 --------- d-----w C:\Program Files\Symantec
2008-06-10 17:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-10 17:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-10 16:39 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-10 16:39 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-10 16:39 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-10 16:39 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-10 16:39 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-09 20:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-09 20:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-09 20:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-11 11:49 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_19.22.25.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 17:57:52 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-17 15:23:29 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-16 17:57:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-17 15:23:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-16 17:57:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-17 15:23:32 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-16 18:01:12 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-17 15:24:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-17 15:24:47 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-16 18:01:06 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-17 15:24:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-17 15:24:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-16 18:13:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-17 15:16:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-16 18:13:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 15:16:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-16 18:13:33 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-17 15:16:50 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-16 18:00:54 4,132 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3045987615-564324704-3291876626-1006_UserData.bin
+ 2008-06-17 15:03:31 4,188 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3045987615-564324704-3291876626-1006_UserData.bin
- 2008-06-16 18:00:53 72,060 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 15:03:30 72,712 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-16 18:00:34 35,016 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 15:03:28 35,136 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-24 15:44 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-24 15:44 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-24 15:44 129560]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 14:14 1183744]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2007-05-08 17:38 331552]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-10 00:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 19:14 833072]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 22:21 472632]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 01:12 317128]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 18:12 71176]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 12:43 83608]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 16:34 177456]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 49152]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-06-09 21:36:32 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 2007-06-08 18:04 49152 C:\Windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DE3F1BC4-50BB-4C6F-93EB-A5783DF3426F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4FD25612-206A-40CC-9F88-D9EB657E7AE3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{332F3A3F-9E90-4150-9CE8-AC9437953BD1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4B7AFAB4-C471-4429-9682-133BD01D0917}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ff20882-39bc-11dd-b2c7-0021000f229f}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ff20889-39bc-11dd-b2c7-0021000f229f}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2d11681-3738-11dd-ac61-001f29867928}]
\shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 19:00:21 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Syke360.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:24:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\AEADISRV.EXE
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\SMINST\Scheduler.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-06-17 16:30:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 15:29:25
ComboFix2.txt 2008-06-16 18:23:37

Pre-Run: 27,339,612,160 bytes free
Post-Run: 27,868,495,872 bytes free

303 --- E O F --- 2008-06-14 22:32:16


and Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 17:54:03, on 17/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Syke360\Desktop\renameme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[rmurphy]

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-Ryan

[Syke360]

Here you go

Malwarebytes' Anti-Malware 1.17
Database version: 865

03:20:25 18/06/2008
mbam-log-6-18-2008 (03-20-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186351
Time elapsed: 45 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\58004740 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM5b3374dc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Users\Syke360\AppData\Local\Temp\lbrmwlci.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Users\Syke360\AppData\Local\Temp\xxyyaBqo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

[rmurphy]

How's the computer running?

-Ryan

[Syke360]

Its running ok

Still getting some wierd errors upon start up

RUNDLL error

Cannot start module. jdsebeyfd.dll missing


Not exactly like that but i get 3 of them, all with different DLL files missing.

None of the files make sense they all have strange and random filenames

Apart from that its running much better

The MSServer Reg Request has stopped

Thanks much for your Help.

Easy to fix with your step by step instructions.

[rmurphy]

Please post a new log from the renamed hijackthis.

-Ryan

[Syke360]

Logfile of HijackThis v1.99.1
Scan saved at 05:45:36, on 19/06/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Syke360\Desktop\renameme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\geBtSIyW.dll,#1
O4 - HKCU\..\Run: [58004740] rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\vwfwcbot.dll",b
O4 - HKCU\..\Run: [BM5b3374dc] Rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

The Ones in BOLD are the ones that i get error messages up upon startup

[rmurphy]

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\geBtSIyW.dll,#1
O4 - HKCU\..\Run: [58004740] rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\vwfwcbot.dll",b
O4 - HKCU\..\Run: [BM5b3374dc] Rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll",s

Close all open windows except for HiJack This and click fix checked.

Reboot your computer.

Please rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.

-Ryan

[Syke360]

I Did as you asked but shortly after my Spybot pops up asking for MSserver to edit registry.

I deny and i scanned again and the three files are back again.

heres the log, the 3 culprits have been added again but are a little further down the list
Logfile of HijackThis v1.99.1
Scan saved at 04:18:23, on 20/06/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Syke360\Desktop\renameme.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...b&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Syke360\AppData\Local\Temp\geBtSIyW.dll,#1
O4 - HKCU\..\Run: [58004740] rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\vwfwcbot.dll",b
O4 - HKCU\..\Run: [BM5b3374dc] Rundll32.exe "C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll",s
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[rmurphy]

1. Please open Notepad

• Click Start , then Run
  
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Quote

File::
C:\Users\Syke360\AppData\Local\Temp\geBtSIyW.dll
C:\Users\Syke360\AppData\Local\Temp\vwfwcbot.dll
C:\Users\Syke360\AppData\Local\Temp\fgnfqeeh.dll
C:\Windows\System32\coh.cache

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"58004740"=-
"BM5b3374dc"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
  
• A new HijackThis log.

-Ryan

[Syke360]