Hey,

I found out that my Google wasn't working right. Then I tried to fix it and when I did a virus scan, it automatically closed. Soon after, when I tried other virus programs, the programs wouldn't work anymore. Then I had to reset the computer and it won't let me into safe mode.

I have started running the Symantec online Virus Detection scan and a Bugbear Removal tool, but I'm not sure what is wrong with my computer.

What's wrong?:
Virus scan programs closing down
Virus scan programs not working after being shut off
Safe mode not working
Google links redirecting to random websites

EDIT: The Virus Detection found 4 viruses in my computer.

Also, will this affect my laptop at all (it is on my netgear network)?

Hi.Welcome to the forum

Run both these programs.

Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.41 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


Double Click mbam-setup.exe to install the application.
If it will not run make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that.Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Once that Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

================================================== ===================================


You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.

I cannot scan with Malwarebytes because the virus closes with down when it is scanning.

Here is the ComboFix log:

ComboFix 09-10-24.01 - Raj 10/25/2009 8:14.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.97 [GMT -4:00]
Running from: c:\documents and settings\Raj\Desktop\ComFx.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 02:26 . 2009-10-25 02:56 -------- dc----w- C:\ComFx9764C
2009-10-25 02:16 . 2009-10-25 02:20 -------- dc----w- C:\ComFx
2009-10-17 19:31 . 2009-10-17 19:31 -------- d-----w- C:\found.001
2009-09-28 22:20 . 2009-09-28 22:26 -------- d-----w- c:\documents and settings\Raj\Local Settings\Application Data\AIM
2009-09-28 22:20 . 2009-09-28 22:20 -------- dc----w- c:\documents and settings\All Users\Application Data\AIM
2009-09-28 22:19 . 2009-09-28 22:20 -------- d-----w- c:\program files\AIM7
2009-09-28 22:18 . 2009-09-28 22:18 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-25 03:20 . 2003-09-03 00:25 182504 ----a-w- c:\documents and settings\Raj\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-25 02:47 . 2009-10-24 21:28 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-25 02:24 . 2009-10-24 21:28 -------- dc----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-24 22:46 . 2009-10-24 16:03 0 ----a-r- c:\windows\win32k.sys
2009-10-24 22:06 . 2009-10-24 22:06 -------- d-----w- c:\documents and settings\Raj\Application Data\Tific
2009-10-24 21:31 . 2003-05-06 07:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-24 21:29 . 2003-05-06 07:55 -------- d-----w- c:\program files\Symantec
2009-10-24 21:29 . 2009-10-24 21:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-24 21:29 . 2009-10-24 21:29 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-24 21:29 . 2007-10-06 18:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-24 21:29 . 2007-10-06 18:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-24 21:28 . 2009-10-24 21:28 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 21:00 . 2009-10-24 21:00 -------- d-----w- c:\documents and settings\Raj\Application Data\AVG8
2009-10-24 20:58 . 2009-01-28 15:47 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-24 20:35 . 2009-10-24 20:34 23724034 -c--a-w- C:\SYM_REGISTRY_BACKUP.reg
2009-10-24 18:05 . 2009-02-09 20:38 -------- d-----w- c:\documents and settings\Raj\Application Data\HPAppData
2009-10-24 17:28 . 2009-10-24 17:22 -------- d-----w- c:\program files\UnHackMe
2009-10-24 17:22 . 2009-10-24 17:22 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-10-24 17:22 . 2009-10-24 17:22 32480 ----a-w- c:\windows\system32\Partizan.exe
2009-10-24 16:13 . 2003-05-06 05:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-24 15:43 . 2008-12-19 23:58 -------- d-----w- c:\documents and settings\Raj\Application Data\Download Manager
2009-10-24 14:47 . 2009-07-02 19:31 -------- d-----w- c:\documents and settings\Raj\Application Data\Aim
2009-10-17 19:08 . 2008-06-05 00:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-17 19:05 . 2009-01-06 20:47 -------- d-----w- c:\program files\Microsoft Works
2009-09-19 11:29 . 2004-10-25 22:53 -------- d-----w- c:\program files\Google
2009-09-19 11:23 . 2009-09-19 11:23 -------- d-----w- c:\program files\wwdpae
2009-09-16 11:33 . 2003-05-06 05:38 -------- d-----w- c:\program files\Quicken
2009-09-13 13:17 . 2008-05-30 21:12 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 2003-05-21 21:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 19:57 . 2009-09-08 19:57 -------- d-----w- c:\documents and settings\Raj\Application Data\Malwarebytes
2009-09-08 19:57 . 2009-09-08 19:57 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 21:03 . 2003-05-21 21:15 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-24 00:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2003-05-21 20:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2004-09-18 10:57 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-09-18 10:57 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-09-18 10:57 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2003-05-21 20:54 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2003-05-21 21:14 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-09-18 10:57 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-09-12 22:38 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2003-05-21 20:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 14:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2002-08-29 08:04 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 08:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2007-08-09 18:08 . 2008-02-26 02:08 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 . 2008-02-26 02:08 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2004-03-03 04:33 . 2004-03-03 04:33 0 -csha-w- c:\windows\SMINST\HPCD.sys
2006-04-11 22:28 . 2006-04-11 22:28 56 --sh--r- c:\windows\system32\DEFF81F1E0.sys
2007-06-28 13:48 . 2007-06-28 13:43 88 --sh--r- c:\windows\system32\E0F181FFDE.sys
2007-09-15 13:24 . 2007-06-28 13:43 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-10-25_02.48.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-25 12:08 . 2009-10-25 12:08 16384 c:\windows\temp\Perflib_Perfdata_6f8.dat
+ 2009-10-25 03:20 . 2009-10-25 03:20 10134 c:\windows\Installer\{F19F7B24-AAD4-4236-8475-5335483DA676}\ARPPRODUCTICON.exe
+ 2008-12-22 12:52 . 2009-10-25 12:08 2586720 c:\windows\system32\FNTCACHE.DAT
+ 2009-10-25 03:20 . 2009-10-25 03:20 3765248 c:\windows\Installer\1a3a82.msi
.
((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))) ))))))))
.
2003-05-06 05:09 . 2002-10-16 22:57 81920 c:\hp\drivers\keyboard\bak\PS2.EXE

2003-05-06 05:09 . 2003-02-12 02:02 61440 c:\hp\KBD\bak\KBD.EXE

2003-05-06 05:40 . 2002-11-27 00:14 131072 c:\program files\Coloreal\bak\coloreal.exe

2006-04-20 17:10 . 2006-04-20 17:10 50792 c:\program files\Common Files\AOL\1125419246\ee\bak\AOLSoftware.exe

2006-02-17 16:59 . 2006-02-17 16:59 124520 c:\program files\Common Files\AOL\IPHSend\bak\IPHSend.exe

2004-04-17 01:17 . 2005-09-17 11:21 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

2005-10-21 20:13 . 2005-10-21 20:13 163840 c:\program files\Common Files\Roxio Shared\SharedCOM8\bak\RoxWatchTray.exe

2006-06-09 00:57 . 2005-12-16 23:59 107008 c:\program files\eFax Messenger 4.1\bak\J2GDllCmd.exe

2002-10-07 04:23 . 2002-10-07 04:23 90112 c:\program files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe
2002-10-07 05:23 . 2002-10-07 05:23 90112 c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

2002-04-18 00:42 . 2002-04-18 00:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe
2002-04-17 14:42 . 2002-04-17 14:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

2007-09-26 18:42 . 2007-09-26 18:42 267064 c:\program files\iTunes\bak\iTunesHelper.exe
2007-11-15 18:11 . 2007-11-15 18:11 267048 c:\program files\iTunes\iTunesHelper.exe

2007-08-09 13:38 . 2007-07-12 08:00 132496 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

2004-09-10 02:12 . 2004-09-10 02:12 132248 c:\program files\Norton SystemWorks\bak\cfgwiz.exe

2006-10-16 13:23 . 2005-06-13 06:30 192512 c:\program files\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe

2007-06-29 10:24 . 2007-06-29 10:24 286720 c:\program files\QuickTime\bak\QTTask.exe
2007-11-15 04:43 . 2007-11-15 04:43 286720 c:\program files\QuickTime\QTTask.exe

2002-06-18 14:01 . 2002-06-18 14:01 155648 c:\program files\VERITAS Software\Update Manager\bak\sgtray.exe

2002-11-13 05:37 . 2004-08-04 07:56 50176 c:\windows\eHome\bak\ehtray.exe
2002-11-13 05:37 . 2008-04-14 00:12 50176 c:\windows\eHome\ehtray.exe

2003-05-06 05:41 . 2002-09-14 04:42 212992 c:\windows\SMINST\bak\RECGUARD.EXE

2007-10-04 11:50 . 2007-10-20 06:06 182 c:\windows\system\bak\hpsysdrv.DAT
2003-08-18 01:26 . 2007-10-04 09:43 188 c:\windows\system\hpsysdrv.DAT

2003-05-06 04:45 . 1998-05-07 23:04 52736 c:\windows\system\bak\hpsysdrv.exe

2003-05-21 21:14 . 2004-08-04 07:56 15360 c:\windows\system32\bak\ctfmon.exe
2003-05-21 21:14 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2004-03-11 04:26 . 2004-03-11 04:26 406016 c:\windows\system32\bak\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2008-10-23 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [N/A]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"KYE_Showicon"="c:\program files\USB Storage RW\shwicon.exe" [2002-10-25 69632]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"USB2Check"="c:\windows\system32\PCLECoInst.dl l" [2004-09-21 73728]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe " [2003-05-21 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-11-15 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"DnsUpdater"="c:\program files\Common Files\~.exe" [N/A]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712]
"{7d479f20-1af3-a432-e616-0c6897a83e78}"="c:\windows\system32\{8cf4ed85-073b-2a0a-78a0-71fa9160e12d}.dll" [2008-05-26 365568]
"VF0060 STISvc"="V0060Pin.dll" - c:\windows\system32\V0060Pin.dll [2004-11-01 36864]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
"AlcxMonitor"="ALCXMNTR.EXE" [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\Curre ntversion\policies\explorer\Run]
"aiaqmimu.exe"="c:\windows\system\aiaqmimu.exe " [N/A]

c:\documents and settings\Raj\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-13 450560]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-9-21 811008]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\StubInstaller.exe"=
"c:\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125419246\\ee\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1125419246\\ee\\aolservicehost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"k:\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\LimeWire\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Client Software(V2.0.0)\\HcNetClient.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"2544:UDP"= 2544:UDP:Windows Media Format SDK (iexplore.exe)
"2545:UDP"= 2545:UDP:Windows Media Format SDK (iexplore.exe)
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sony pvl2.sys [3/15/2004 9:00 AM 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sony pvf2.sys [3/15/2004 9:00 AM 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sony pvt2.sys [3/15/2004 9:00 AM 431236]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [1/6/2006 8:09 PM 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/28/2008 10:30 AM 24652]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sony pvd2.sys [3/15/2004 9:00 AM 64093]
S2 mrtRate;mrtRate; [x]
S3 DCamUSBConexant;Vivicam 355 USB Video Camera;c:\windows\system32\DRIVERS\Rapvid.sys --> c:\windows\system32\DRIVERS\Rapvid.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\MapleStory\Ga meGuard\dump_wmimmc.sys --> c:\nexon\MapleStory\GameGuard\dump_wmimmc.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/24/2009 5:47 PM 102448]
S3 Partizan;Partizan;c:\windows\system32\drivers\Part izan.sys [10/24/2009 1:22 PM 34760]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio. sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 UsbCmxp;Scientific Atlanta WebSTAR 2000 series Cable Modem;c:\windows\system32\drivers\sacmxp2.sys [3/24/2005 8:57 AM 14336]
S3 V0060VID;Creative WebCam Live! Ultra;c:\windows\system32\drivers\V0060Vid.sys [9/29/2005 9:18 PM 196409]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-02-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2100 series5E771253C1676EBED677BF361FDFC537825E15B81951 62030.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{886034A9-BE59-4BF8-9E09-6D79CE981D5D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.optonline.net/Home
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = hxxp://www.windowsdownloads.com/success.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Optimum Online Cursor Search - c:\documents and settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: go.com\*.disney
Trusted Zone: go.com\secure.disney
Trusted Zone: optimum.net\www
TCP: {C8326AE7-2F7C-425E-B772-5F759B9D491A} = 95.211.97.20,95.211.97.21,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
DPF: {6299BA62-2020-463C-954A-512718E5A23A} - hxxp://66.155.150.10/worklist/PiViewNet.cab
DPF: {9FA45D9C-1412-4949-B735-0D73A3D20E51} - hxxp://www.gloopers.com/VFX.CAB
DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://69.119.148.58:81/codebase/HCNetVideoActiveX.cab
FF - ProfilePath - c:\documents and settings\Raj\Application Data\Mozilla\Firefox\Profiles\x3nsn6ws.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

BHO-{7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
AddRemove-DnsUpdater1 - c:\program files\Common Files\~.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Raj\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-25 08:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C 7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:93,5e,8f,c6,6a,f8,cc,bf,93,a5,25,70, b8,8b,c4,e9,38,39,93,73,54,
0a,58,e0,7c,12,ec,9d,b1,81,2f,17,98,f5,90,c5,fa,0e ,45,80,8f,23,bf,c0,e6,25,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:93,5e,8f,c6,6a,f8,cc,bf,93,a5,25,70, b8,8b,c4,e9,38,39,93,73,54,
0a,58,e0,7c,12,ec,9d,b1,81,2f,17,98,f5,90,c5,fa,0e ,45,80,8f,23,bf,c0,e6,25,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1028)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-10-25 8:39
ComboFix-quarantined-files.txt 2009-10-25 12:39
ComboFix2.txt 2009-09-08 19:03

Pre-Run: 116,964,941,824 bytes free
Post-Run: 117,128,593,408 bytes free

- - End Of File - - 2ACD1F391B7F17FE81B7240276305496

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups and then restore them.There may be 4 steps to this cleanup.
Download FindAWF.exe from HERE and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with the following Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Select option 1, then press Enter
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.

Very sorry for the delay. Here is the AWF.txt:


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 10/27/2009
The current time is: 6:49:57.34


bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/11/2003 10:02 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\COLOREAL\BAK

11/26/2002 08:14 PM 131,072 coloreal.exe
1 File(s) 131,072 bytes

Directory of C:\PROGRA~1\EFAXME~1.1\BAK

12/16/2005 07:59 PM 107,008 J2GDllCmd.exe
1 File(s) 107,008 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

09/26/2007 02:42 PM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

09/09/2004 10:12 PM 132,248 cfgwiz.exe
1 File(s) 132,248 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/04/2004 03:56 AM 50,176 ehtray.exe
1 File(s) 50,176 bytes

Directory of C:\WINDOWS\SMINST\BAK

09/14/2002 12:42 AM 212,992 RECGUARD.EXE
1 File(s) 212,992 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

10/20/2007 02:06 AM 182 hpsysdrv.DAT
05/07/1998 07:04 PM 52,736 hpsysdrv.exe
2 File(s) 52,918 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 03:56 AM 15,360 ctfmon.exe
03/11/2004 12:26 AM 406,016 PSDrvCheck.exe
2 File(s) 421,376 bytes

Directory of C:\HP\DRIVERS\KEYBOARD\BAK

10/16/2002 06:57 PM 81,920 PS2.EXE
1 File(s) 81,920 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 08:42 PM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\VERITA~1\UPDATE~1\BAK

06/18/2002 10:01 AM 155,648 sgtray.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 12:59 PM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

09/17/2005 07:21 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\ROXIOS~1\SHARED~2\BAK

10/21/2005 04:13 PM 163,840 RoxWatchTray.exe
1 File(s) 163,840 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

10/07/2002 12:23 AM 90,112 hpqcmon.exe
1 File(s) 90,112 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK

07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112541~2\EE\BAK

04/20/2006 01:10 PM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes

Directory of C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\USBTIP\BAK

06/13/2005 02:30 AM 192,512 USBTip.exe
1 File(s) 192,512 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 11 2003 "C:\hp\KBD\bak\KBD.EXE"
131072 Nov 26 2002 "C:\Program Files\Coloreal\bak\coloreal.exe"
107008 Dec 16 2005 "C:\Program Files\eFax Messenger 4.1\bak\J2GDllCmd.exe"
267048 Nov 15 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 22 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
116008 Nov 22 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
188480 May 14 2002 "C:\WINDOWS\$NtUninstallKB810217$\cfgwiz.exe"
132248 Sep 9 2004 "C:\Program Files\Norton SystemWorks\bak\cfgwiz.exe"
286720 Nov 15 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
50176 Apr 13 2008 "C:\WINDOWS\eHome\ehtray.exe"
50176 Aug 4 2004 "C:\WINDOWS\eHome\bak\ehtray.exe"
212992 Sep 14 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
188 Oct 4 2007 "C:\WINDOWS\system\hpsysdrv.DAT"
182 Oct 20 2007 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Apr 13 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 Apr 13 2008 "C:\WINDOWS\ERDNT\cache\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
406016 Mar 11 2004 "C:\WINDOWS\system32\bak\PSDrvCheck.exe"
81920 Oct 16 2002 "C:\hp\drivers\keyboard\bak\PS2.EXE"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
155648 Jun 18 2002 "C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
180269 Sep 17 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
163840 Oct 21 2005 "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\bak\RoxWatchTray.exe"
90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe"
90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
36975 Dec 6 2004 "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
83608 Mar 14 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
75520 Aug 14 2008 "C:\Program Files\Common Files\Adobe\CS4ServiceManager\jre\bin\jusched.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1125419246\ee\bak\AOLSoftware.exe"
192512 Jun 13 2005 "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\bak\USBTip.exe"


end of report

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\HP\KBD\BAK
C:\PROGRA~1\COLOREAL\BAK
C:\PROGRA~1\EFAXME~1.1\BAK
C:\PROGRA~1\ITUNES\BAK
C:\PROGRA~1\NORTON~1\BAK
C:\PROGRA~1\QUICKT~1\BAK
C:\WINDOWS\EHOME\BAK
C:\WINDOWS\SMINST\BAK
C:\WINDOWS\SYSTEM\BAK
C:\HP\DRIVERS\KEYBOARD\BAK
C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK
C:\PROGRA~1\VERITA~1\UPDATE~1\BAK
C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK
C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
C:\PROGRA~1\COMMON~1\ROXIOS~1\SHARED~2\BAK
C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK
C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
C:\PROGRA~1\COMMON~1\AOL\112541~2\EE\BAK
C:\PROGRA~1\PINNACLE\SHARED~1\PROGRAMS\USBTIP\BAK

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
Select option 3 from the menu and press Enter.
Press any key to continue.
A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
The program will proceed to remove the bak folders and will perform another scan for bak folders.
It may take a few minutes to complete so be patient.

What should I do after this? Also I wanted to bring a small thing up, my computer is going very slow now because of the viruses. Will we be able to fix that?