Author Topic: I got a trojan  (Read 2971 times)

Offline weasel096

  • Jr. Member
  • **
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« on: May 31, 2008, 10:34:21 PM »
Can you look over my HJT log? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:58 PM, on 5/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\winself.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Documents and Settings\Ours\lsass.exe
C:\WINDOWS\TEMP\ETE9AC.EXE
C:\WINDOWS\mrofinu1188.exe
C:\windows\system32\jlwnw64p.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Ours\lsass.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [{0B-BC-C6-60-DW}] C:\windows\system32\jlwnw64p.exe DWram
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntmkdm.exe DWram
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\qkhsuygq.dll",b
O4 - HKLM\..\Run: [SW CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {E90B1832-3097-4d1c-93D1-D5332BA287A0} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\tllqamdi.dll",s
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntmkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jlwnw64p.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 13194 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #1 on: May 31, 2008, 11:15:47 PM »
I can see some problems.
Before we try a fix, can you do the following for me, please?
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post back just the whole contents of main.txt and extra.txt.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline weasel096

  • Jr. Member
  • **
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« Reply #2 on: June 01, 2008, 09:47:07 PM »
Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-01 20:39:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-02 01:40:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ours.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-01 20:47:49
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\HP\KBD\kbd.exe
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\EUBBEA.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Ours.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: targetedbanner browser optimizer - {05fd6cbf-521c-70cc-d135-17147c23c9e7} - C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {0F452574-8D50-4E8B-923F-2045F98F69BB} - C:\WINDOWS\system32\cbXRIyxU.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: {6a88b8fb-8ffe-edb8-ea74-fd3a63866678} - {87666836-a3df-47ae-8bde-eff8bf8b88a6} - C:\WINDOWS\system32\egivcram.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657} - C:\WINDOWS\system32\mlJArqqR.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\udchydlh.dll",b
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\qaobcsdf.dll",s
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: mlJArqqR - C:\WINDOWS\system32\mlJArqqR.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe


--
End of file - 15740 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 LVCap138 (TV Card WDM Video Capture) - c:\windows\system32\drivers\lvcap138.sys <Not Verified; Animation Technologies Inc.; Lifeview ® LR138 TV Card>
R3 lvtuner (TV Card TV Tuner) - c:\windows\system32\drivers\lvtuner.sys <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>

S2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 TnIDriver - c:\docume~1\ours\locals~1\temp\tnif6.tmp (file missing)
S3 USBVSP - c:\windows\system32\drivers\usbvsp.sys <Not Verified; Atmel Corporation; Atmel USB Serial Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 lvhidsvc (Lifeview HID Remote Controller Service) - c:\windows\system32\lvhidsvc.exe <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>
R2 ntrtscan (OfficeScanNT RealTime Scan) - "c:\program files\trend micro\officescan client\ntrtscan.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - "c:\program files\trend micro\officescan client\ofcpfwsvc.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>
R2 tmlisten (OfficeScanNT Listener) - "c:\program files\trend micro\officescan client\tmlisten.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6103
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6103
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-06-01 17:59:28       252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-31 19:53:06       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-31 11:31:08       528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job
2008-05-31 10:22:31       290 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 17:53:23         0 d-------- C:\Program Files\SpyShredder
2008-05-31 23:03:25     95232 --a------ C:\WINDOWS\system32\udchydlh.dll
2008-05-31 23:00:26    108544 --a------ C:\WINDOWS\system32\egivcram.dll
2008-05-31 22:49:07    104448 --a------ C:\WINDOWS\system32\qaobcsdf.dll
2008-05-31 10:54:25         0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40         0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47         0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 10:15:12     95232 --a------ C:\WINDOWS\system32\qkhsuygq.dll
2008-05-31 10:06:20    108544 --a------ C:\WINDOWS\system32\bwwpllkk.dll
2008-05-31 10:01:05    104448 --a------ C:\WINDOWS\system32\tllqamdi.dll
2008-05-31 09:59:45         0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:23:58         0 d-------- C:\Program Files\SpyMaxx
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:11:59         0 d-------- C:\Program Files\AntispyStorm
2008-05-31 09:00:11         0 d-------- C:\Program Files\CheckIt
2008-05-31 08:57:55     63488 --a------ C:\WINDOWS\system32\qoMcyVNG.dll
2008-05-31 08:55:19     15360 --a------ C:\WINDOWS\mssys.exe
2008-05-31 00:00:27     29952 --a------ C:\WINDOWS\msupdate.exe
2008-05-30 22:02:01       861 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-05-30 22:01:53         0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:44     63488 --a------ C:\WINDOWS\system32\rqRLecyw.dll
2008-05-30 22:01:20     18176 --a------ C:\WINDOWS\y.exe
2008-05-30 22:01:20     22784 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 22:01:19     10496 --a------ C:\WINDOWS\x.exe
2008-05-30 22:01:19     23808 --a------ C:\WINDOWS\winmgnt.exe
2008-05-30 22:01:19     16640 --a------ C:\WINDOWS\window.exe
2008-05-30 22:01:19     25856 --a------ C:\WINDOWS\winajbm.dll
2008-05-30 22:01:18      9984 --a------ C:\WINDOWS\win64.exe
2008-05-30 22:01:18     23552 --a------ C:\WINDOWS\win32e.exe
2008-05-30 22:01:18     30720 --a------ C:\WINDOWS\wEmail Removedexe
2008-05-30 22:01:18     19456 --a------ C:\WINDOWS\users32.exe
2008-05-30 22:01:18     28672 --a------ C:\WINDOWS\time.exe
2008-05-30 22:01:17     26624 --a------ C:\WINDOWS\systemcritical.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\systeem.exe
2008-05-30 22:01:17     15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17     14848 --a------ C:\WINDOWS\svchost32.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16     27136 --a------ C:\WINDOWS\searchword.dll
2008-05-30 22:01:16     23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\quicken.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:16     24832 --a------ C:\WINDOWS\olehelp.exe
2008-05-30 22:01:15     22272 --a------ C:\WINDOWS\notepad32.exe
2008-05-30 22:01:15     12032 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-30 22:01:15     29952 --a------ C:\WINDOWS\mswsc20.dll
2008-05-30 22:01:15     15616 --a------ C:\WINDOWS\mswsc10.dll
2008-05-30 22:01:14     18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:14     17920 --a------ C:\WINDOWS\msconfd.dll
2008-05-30 22:01:14     22784 --a------ C:\WINDOWS\loader.exe
2008-05-30 22:01:14     31232 --a------ C:\WINDOWS\internet.exe
2008-05-30 22:01:13     24064 --a------ C:\WINDOWS\inetinf.exe
2008-05-30 22:01:13     17920 --a------ C:\WINDOWS\iexplorer.exe
2008-05-30 22:01:13     28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:13     31744 --a------ C:\WINDOWS\helpcvs.exe
2008-05-30 22:01:12     15616 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-30 22:01:12     11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12     20736 --a------ C:\WINDOWS\funniest.exe
2008-05-30 22:01:12     27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:12     31232 --a------ C:\WINDOWS\explore.exe
2008-05-30 22:01:11     14080 --a------ C:\WINDOWS\editpad.exe
2008-05-30 22:01:11     14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11     15616 --a------ C:\WINDOWS\directx32.exe
2008-05-30 22:01:11     22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-30 22:01:11     28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 22:01:11     13056 --a------ C:\WINDOWS\cpan.dll
2008-05-30 22:01:10     27136 --a------ C:\WINDOWS\clrssn.exe
2008-05-30 22:01:10     20736 --a------ C:\WINDOWS\avpcc.dll
2008-05-30 22:01:10     11776 --a------ C:\WINDOWS\accesss.exe
2008-05-30 22:00:00    401972 --a------ C:\WINDOWS\system32\g3.exe
2008-05-30 21:48:43    805368 --ahs---- C:\WINDOWS\system32\UxyIRXbc.ini2
2008-05-30 21:48:22    276480 --a------ C:\WINDOWS\system32\cbXRIyxU.dll
2008-05-30 21:45:39         0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:08         0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-05-30 21:44:01         0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:59      1989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-05-30 21:43:59         0 d--hs---- C:\WINDOWS\RGVuc3RlZHRz
2008-05-30 21:43:57         0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 21:43:55         4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-30 21:43:51     89049 --a------ C:\WINDOWS\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-05-30 21:43:51     89049 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-30 21:43:42     41984 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-05-30 21:43:30         0 d-------- C:\WINDOWS\system32\Ucom1
2008-05-30 21:43:30         0 d-------- C:\WINDOWS\system32\sIE6
2008-05-30 21:43:30         0 d-------- C:\WINDOWS\system32\ITMP
2008-05-30 21:43:30         0 d-------- C:\WINDOWS\system32\evd2
2008-05-30 21:43:30         0 d-------- C:\WINDOWS\system32\Dev3
2008-05-30 21:43:30         0 d-------- C:\WINDOWS\system32\4026c
2008-05-30 21:43:24     41984 --a------ C:\WINDOWS\mrofinu1188.exe
2008-05-30 21:43:13         0 d-------- C:\WINDOWS\system32\vntiho05
2008-05-30 21:43:07     63488 --a------ C:\WINDOWS\system32\mlJArqqR.dll
2008-05-30 12:20:39         0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31         0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15         0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12         0 d-------- C:\Program Files\iTunes
2008-05-30 07:10:18         0 d-------- C:\Documents and Settings\Ours\Application Data\VideoEgg
2008-05-30 03:34:03         0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54         0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20         0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-26 11:03:56    365056 --a------ C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
2008-05-24 08:43:36   4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08         0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16         0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15         0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14         0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13         0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06         0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00         0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49         0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46         0 d-------- C:\Program Files\GameHouse
2008-05-07 20:15:37         0 d-------- C:\Program Files\MyWebSearch
2008-05-07 20:14:46         0 d-------- C:\Program Files\FunWebProducts
2008-05-06 16:18:48         0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-02 08:34:42         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:30:31         0 d-------- C:\Program Files\Windows Live Favorites


-- Find3M Report ---------------------------------------------------------------

2008-05-31 21:00:13         0 d-------- C:\Program Files\Trend Micro
2008-05-31 10:13:21         0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47         0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39         0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49         0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13         0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46         0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33         0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26         0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14         0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38         0 d-------- C:\Program Files\Windows Live
2008-05-02 08:33:08         0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-01 18:13:53         0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35         0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50         0 d-------- C:\Program Files\Oberon Media
2008-04-22 19:17:18         0 d-------- C:\Program Files\Coupons
2008-04-19 13:06:23         0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24         0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16         0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16      1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56         0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38         0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25         0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07         0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52         0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13         0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25         0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31         0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57         0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54         0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 17:33:17         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 08:38:03         0 d-------- C:\Documents and Settings\Ours\Application Data\funkitron
2008-04-04 08:22:18         0 d-------- C:\Program Files\Common Files\Real
2008-04-04 08:22:17    774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-04 08:22:13         0 d-------- C:\Program Files\Real
2008-04-02 20:07:08         0 d-------- C:\Documents and Settings\Ours\Application Data\Sun
2008-04-02 18:09:18         0 d-------- C:\Documents and Settings\Ours\Application Data\InterVideo
2008-04-01 18:52:21         0 d-------- C:\Documents and Settings\Ours\Application Data\Google
2008-04-01 17:05:01         0 d-------- C:\Program Files\InterVideo Information Service
2008-04-01 17:05:01         0 d-------- C:\Program Files\Common Files\Ulead
2008-04-01 17:03:58         0 d-------- C:\Program Files\InterVideo
2008-04-01 17:03:26         0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-01 16:51:05         0 d-------- C:\Program Files\Musicmatch
2008-04-01 16:50:06         0 d-------- C:\Documents and Settings\Ours\Application Data\Musicmatch
2008-04-01 16:48:41         0 d-------- C:\Program Files\Google
2008-04-01 16:41:12         0 d-------- C:\Program Files\Yahoo!
2008-04-01 16:32:57         0 d-------- C:\Program Files\Lavasoft
2008-04-01 16:32:02         0 d-------- C:\Documents and Settings\Ours\Application Data\MySpace
2008-04-01 16:31:59         0 d-------- C:\Program Files\MySpace
2008-04-01 16:29:49         0 d-------- C:\Program Files\DIFX
2008-04-01 16:29:35         0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-01 16:29:31         0 d-------- C:\Program Files\Nokia
2008-04-01 16:29:31         0 d-------- C:\Program Files\Common Files\Nokia
2008-04-01 16:29:11         0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-01 16:15:46         0 d-------- C:\Program Files\Java
2008-03-31 19:51:24     96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18      2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07       345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05         0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18      2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48      3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32    137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17    139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01    112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16     28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02         0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02         0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02         0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02         0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23     21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07        62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05fd6cbf-521c-70cc-d135-17147c23c9e7}]
05/26/2008 11:03 AM   365056   --a------   C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F452574-8D50-4E8B-923F-2045F98F69BB}]
05/30/2008 09:48 PM   276480   --a------   C:\WINDOWS\system32\cbXRIyxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87666836-a3df-47ae-8bde-eff8bf8b88a6}]
05/31/2008 11:00 PM   108544   --a------   C:\WINDOWS\system32\egivcram.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657}]
05/30/2008 09:43 PM   63488   --a------   C:\WINDOWS\system32\mlJArqqR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [02/07/2006 04:16 PM]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"5cd0bccf"="C:\WINDOWS\system32\udchydlh.dll" [05/31/2008 11:03 PM]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"="C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" [05/26/2008 11:03 AM]
"BM5fe38f53"="C:\WINDOWS\system32\qaobcsdf.dll" [05/31/2008 10:49 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Windows update loader"="C:\Windows\xpupdate.exe" []
"SpyShredder"="C:\Program Files\SpyShredder\SpyShredder.exe" [06/01/2008 05:53 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"Wallpaper"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=1 (0x1)
"NoActiveDesktop"=2 (0x2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657}"= C:\WINDOWS\system32\mlJArqqR.dll [05/30/2008 09:43 PM 63488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJArqqR]
mlJArqqR.dll 05/30/2008 09:43 PM 63488 C:\WINDOWS\system32\mlJArqqR.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXRIyxU

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=C:\WINDOWS\pss\Norton GoBack.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ours^Start Menu^Programs^Startup^TVR Schedule.lnk]
path=C:\Documents and Settings\Ours\Start Menu\Programs\Startup\TVR Schedule.lnk
backup=C:\WINDOWS\pss\TVR Schedule.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5cd0bccf]
rundll32.exe "C:\WINDOWS\system32\qkhsuygq.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5fe38f53]
Rundll32.exe "C:\WINDOWS\system32\tllqamdi.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\mcntmkdm.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
C:\Garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc





-- End of Deckard's System Scanner: finished at 2008-06-01 21:18:39 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 759.48 MiB / 188.8 MiB
Pagefile Memory (total/avail): 1860.34 MiB / 1357.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1873.89 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 24.57 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ours\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENSTEDTS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ours
LOGONSERVER=\\DENSTEDTS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ours\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ours\LOCALS~1\Temp
USERDOMAIN=DENSTEDTS
USERNAME=Ours
USERPROFILE=C:\Documents and Settings\Ours
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ours (admin)
Kids.DENSTEDTS


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Advanced System Optimizer 2 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Agere Systems PCI Soft Modem --> agrsmdel
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Deewoo Network Manager removal --> C:\WINDOWS\system32\mcntmkdm.exe -UPop
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Enhancement Browser Tools Targetedbanner --> C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll-uninst.exe
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Garmin MapSource --> MsiExec.exe /X{4ACBBFC6-3F39-48DE-8D85-182736B2749B}
Garmin Training Center 3.3.2 --> MsiExec.exe /X{7834FE69-824C-4644-8107-899201C074C8}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9  -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9  -removeonly
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire PRO 4.9.23 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compressi

Offline guestolo

I got a trojan
« Reply #3 on: June 01, 2008, 10:11:31 PM »
Can you do the following:

Do a "System scan only" with HijackThis and put a check next to these entries:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)

O2 - BHO: targetedbanner browser optimizer - {05fd6cbf-521c-70cc-d135-17147c23c9e7} - C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {0F452574-8D50-4E8B-923F-2045F98F69BB} - C:\WINDOWS\system32\cbXRIyxU.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)

O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)

O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: {6a88b8fb-8ffe-edb8-ea74-fd3a63866678} - {87666836-a3df-47ae-8bde-eff8bf8b88a6} - C:\WINDOWS\system32\egivcram.dll

O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9AEE7FA8-0DA7-4C8A-8B3E-FBB6B979C657} - C:\WINDOWS\system32\mlJArqqR.dll
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)

O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\udchydlh.dll",b
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\qaobcsdf.dll",s

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1

O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O20 - Winlogon Notify: mlJArqqR - C:\WINDOWS\system32\mlJArqqR.dll


After you have ticked the above entries, close all other open windows, including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Access your Add or Remove Programs and try to remove the following:
Don't worry if it won't uninstall, just carry on.

This includes:
Enhancement Browser Tools Targetedbanner
and
SpyShredder

Important: reboot the computer if either of the two was removed.

Back in Windows
Download this file - ComboFix.exe - and save it ONLY to your desktop.

Don't run it yet.
Physically disconnect the internet cable connection to your computer.
Temporarily disable your antivirus software and any spyware real-time protections you may have running so they won't interfere with this fix.

Double click on ComboFix.exe to run the program

Follow the prompts; normally this fix takes anywhere from 10 to 30 minutes.

If the computer was rebooted by the fix, ComboFix will run again, then continue to create a log; this can take a few minutes.
Let it run uninterrupted please.
I'll need to see this log later.
Note: do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

After ComboFix runs, and after its log opens, connect the Internet cable. If you have no Internet connection, simply reboot your computer.
By default, the ComboFix log is located at this location:
C:\combofix.txt

Post back the log from ComboFix along with a fresh HijackThis log.
« Last Edit: June 01, 2008, 10:13:29 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
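As an added example for this thread (not HijackThis code or the helper's tool), a Python triage pass that encodes the patterns behind the pick list above: a chained UserInit value, orphaned or random-named BHOs, Run values with machine-generated names, rundll32 loading random-named DLLs, the DisableTaskMgr policy, a Trusted Zone addition, an unnamed ActiveX download and a random-named Winlogon Notify DLL. The sample lines are copied from the logs in this thread; the name heuristics are assumptions, and entries a helper picks from experience (xpupdate.exe, the pogo.com cab) are not caught.

```python
# Triage pass over HijackThis 2.0.2 log lines. Added example for this thread, not HijackThis
# code or the helper's tool; the "random name" heuristics are assumptions, not HJT logic.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # why the entry deserves a tick in "Fix checked"
    line: str      # the original log line

HJT_LINE = re.compile(r'^(?P<sec>[FNOR]\d+) - (?P<body>.+)$')
BHO = re.compile(r'^BHO: (?P<name>.*?) - \{[^}]+\} - (?P<file>.*)$')
RUN = re.compile(r'^HK[^:]*\\Run(?:Services)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
DPF = re.compile(r'^DPF: \{[^}]+\} \((?P<name>[^)]*)\) - ')
GUID = re.compile(r'^\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$', re.I)
HEX_BLOB = re.compile(r'^(?:BM)?[0-9a-f]{8}$', re.I)          # 5cd0bccf, BM5fe38f53
# Crude heuristic (assumption): a GUID-named or eight-letter DLL sitting in system32,
# the naming style of the droppers in this thread (cbXRIyxU.dll, egivcram.dll, ...).
RANDOM_DLL = re.compile(r'\\system32\\(?:\{[0-9a-f-]{36}\}|[A-Za-z]{8})\.dll', re.I)
# Rogue "anti-spyware" products named in this thread's logs.
ROGUE_NAMES = ('spyshredder', 'antispystorm', 'spymaxx')


def triage_line(line):
    """Return a Finding when the HijackThis line matches a known-bad pattern, else None."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None                      # process list, headers, blank lines
    sec, body = m.group('sec'), m.group('body')
    low = body.lower()

    if sec == 'F2' and 'userinit=' in low:
        # UserInit must be exactly system32\userinit.exe; anything chained after it
        # (vbpdtvdp.exe in this thread) runs at every interactive logon.
        parts = [p.strip() for p in body.split('=', 1)[1].split(',') if p.strip()]
        extra = [p for p in parts if not p.lower().endswith('\\userinit.exe')]
        if extra:
            return Finding(sec, 'extra UserInit entry: ' + ', '.join(extra), line)
    elif sec == 'O2':
        b = BHO.match(body)
        if b and b.group('file') == '(no file)':
            return Finding(sec, 'orphaned BHO: CLSID registered but no file', line)
        if b and RANDOM_DLL.search(b.group('file')):
            return Finding(sec, 'BHO loading a random- or GUID-named system32 DLL', line)
    elif sec == 'O4':
        r = RUN.match(body)
        if r:
            name, cmd = r.group('name'), r.group('cmd')
            if HEX_BLOB.match(name) or GUID.match(name):
                return Finding(sec, 'Run value with machine-generated name ' + name, line)
            if 'rundll32' in cmd.lower() and RANDOM_DLL.search(cmd):
                return Finding(sec, 'rundll32 loading a random-named DLL at logon', line)
            if any(rogue in cmd.lower() for rogue in ROGUE_NAMES):
                return Finding(sec, 'known rogue anti-spyware product', line)
    elif sec == 'O7' and 'disabletaskmgr=1' in low:
        return Finding(sec, 'policy disables Task Manager', line)
    elif sec == 'O15':
        return Finding(sec, 'site added to the IE Trusted Zone', line)
    elif sec == 'O16':
        d = DPF.match(body)
        if d and not d.group('name'):
            return Finding(sec, 'ActiveX download with no registered object name', line)
    elif sec == 'O20' and RANDOM_DLL.search(body):
        return Finding(sec, 'Winlogon Notify DLL with a random name', line)
    return None


def triage(log_text):
    """Run triage_line over a whole pasted log; hits are returned in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample: lines copied from the logs in this thread, mixed with benign ones.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: targetedbanner browser optimizer - {05fd6cbf-521c-70cc-d135-17147c23c9e7} - C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
O2 - BHO: (no name) - {0F452574-8D50-4E8B-923F-2045F98F69BB} - C:\WINDOWS\system32\cbXRIyxU.dll
O2 - BHO: {6a88b8fb-8ffe-edb8-ea74-fd3a63866678} - {87666836-a3df-47ae-8bde-eff8bf8b88a6} - C:\WINDOWS\system32\egivcram.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\udchydlh.dll",b
O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\qaobcsdf.dll",s
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: mlJArqqR - C:\WINDOWS\system32\mlJArqqR.dll
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:<4}{f.reason}\n    {f.line}')
```

The pass only ranks entries for review; deciding what to tick stays a human call, as in the post above.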


Offline weasel096

I got a trojan
« Reply #4 on: June 02, 2008, 08:38:58 PM »
Here are the new log files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:10 PM, on 6/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\AD1A10.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 14542 bytes


ComboFix 08-06-01.6 - Ours 2008-06-02 19:23:57.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.296 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Ours\Start Menu\Programs\SpyShredder
C:\Documents and Settings\Ours\Start Menu\Programs\SpyShredder\SpyShredder.lnk
C:\Documents and Settings\Ours\Start Menu\Programs\SpyShredder\Uninstall.lnk
C:\Program Files\AntispyStorm
C:\Program Files\AntispyStorm\AntispyStorm.exe.MANIFEST
C:\Program Files\AntispyStorm\logs\05.31.08_09_15_20.log
C:\Program Files\AntispyStorm\parser_done
C:\Program Files\AntispyStorm\stat.bin
C:\Program Files\AntispyStorm\uninstall.exe
C:\Program Files\AntispyStorm\uninstall.log
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\Program Files\SpyMaxx\stat.bin
C:\Program Files\SpyMaxx\uninstall.exe
C:\Program Files\SpyMaxx\uninstall.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\BM5fe38f53.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\explore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bwwpllkk.dll
C:\WINDOWS\system32\egivcram.dll
C:\WINDOWS\system32\hldyhcdu.ini
C:\WINDOWS\system32\kiilxkmr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJArqqR.dll
C:\WINDOWS\system32\mrijcjcl.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qaobcsdf.dll
C:\WINDOWS\system32\qgyushkq.ini
C:\WINDOWS\system32\qkhsuygq.dll
C:\WINDOWS\system32\qoMcyVNG.dll
C:\WINDOWS\system32\rmkxliik.dll
C:\WINDOWS\system32\tllqamdi.dll
C:\WINDOWS\system32\udchydlh.dll
C:\WINDOWS\system32\UxyIRXbc.ini
C:\WINDOWS\system32\UxyIRXbc.ini2
C:\WINDOWS\system32\vmtmqews.dll
C:\WINDOWS\system32\ynskocjt.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_TNIDRIVER
-------\Service_TnIDriver


(((((((((((((((((((((((((   Files Created from 2008-05-03 to 2008-06-03  )))))))))))))))))))))))))))))))
.

2008-06-02 20:04 . 2008-06-02 20:09   1,853   --a------   C:\WINDOWS\default.htm
2008-06-02 20:03 . 2008-06-02 20:03   25,856   --a------   C:\WINDOWS\iexplorer.exe
2008-06-02 20:03 . 2008-06-02 20:03   9,472   --a------   C:\WINDOWS\explore.exe
2008-06-02 13:36 . 2008-06-02 13:36   41,984   -ra------   C:\WINDOWS\mrofinu1188.exe
2008-06-01 20:39 . 2008-06-01 20:39   <DIR>   d--------   C:\Deckard
2008-06-01 17:53 . 2008-06-01 17:53   <DIR>   d--------   C:\Program Files\SpyShredder
2008-05-31 10:54 . 2008-05-31 11:25   <DIR>   d--------   C:\Program Files\Norton AntiVirus
2008-05-31 10:37 . 2008-05-31 10:45   8,002,338,816   --ahs----   C:\gobackio.bin
2008-05-31 10:36 . 2008-05-31 10:36   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-31 10:19 . 2008-05-31 11:29   <DIR>   d--------   C:\Program Files\Norton SystemWorks
2008-05-31 10:09 . 2008-05-31 11:00   109,744   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 10:09 . 2008-05-31 11:00   48,824   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 10:09 . 2008-05-31 11:00   8,014   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 10:09 . 2008-05-31 11:00   805   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:59 . 2008-05-31 11:00   <DIR>   d--------   C:\Program Files\Symantec
2008-05-31 09:57 . 2008-05-31 11:03   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48 . 2008-05-31 14:57   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12 . 2008-05-31 09:12   0   --a------   C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12 . 2008-05-31 09:12   0   --a------   C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00 . 2008-05-31 09:00   <DIR>   d--------   C:\Program Files\CheckIt
2008-05-31 08:55 . 2008-05-31 08:55   15,360   --a------   C:\WINDOWS\mssys.exe
2008-05-31 00:00 . 2008-05-31 00:00   29,952   --a------   C:\WINDOWS\msupdate.exe
2008-05-30 22:02 . 2008-05-30 22:02   861   --a------   C:\WINDOWS\system32\winpfz33.sys
2008-05-30 22:00 . 2008-05-30 22:00   401,972   --a------   C:\WINDOWS\system32\g3.exe
2008-05-30 21:48 . 2008-05-30 21:48   276,480   --a------   C:\WINDOWS\system32\cbXRIyxU.dll
2008-05-30 21:44 . 2008-05-30 21:44   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 12:20 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-05-30 12:20 . 2008-05-31 21:16   <DIR>   d--------   C:\Program Files\iTunes
2008-05-30 12:20 . 2008-05-31 21:15   <DIR>   d--------   C:\Program Files\iPod
2008-05-30 12:20 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-05-30 07:10 . 2008-05-30 12:19   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\VideoEgg
2008-05-30 03:34 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\iPod(2)
2008-05-30 03:33 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\iTunes(2)
2008-05-30 03:12 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\Apple Software Update(2)
2008-05-22 22:36 . 2008-05-22 22:36   268   --ah-----   C:\sqmdata19.sqm
2008-05-22 22:36 . 2008-05-22 22:36   244   --ah-----   C:\sqmnoopt19.sqm
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\en
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-05-22 19:48 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-05-22 19:39 . 2008-05-22 19:39   <DIR>   d--------   C:\WINDOWS\EHome
2008-05-22 19:27 . 2008-04-13 19:12   4,274,816   --a------   C:\WINDOWS\system32\nv4_disp.dll
2008-05-22 19:26 . 2008-04-13 19:11   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-05-22 19:25 . 2008-04-13 19:11   136,192   --a------   C:\WINDOWS\system32\aaclient.dll
2008-05-22 19:25 . 2008-04-13 19:11   4,255   --a------   C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,967   --a------   C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,775   --a------   C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,711   --a------   C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,647   --a------   C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,615   --a------   C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,135   --a------   C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-05-22 18:25 . 2008-05-22 18:25   268   --ah-----   C:\sqmdata18.sqm
2008-05-22 18:25 . 2008-05-22 18:25   244   --ah-----   C:\sqmnoopt18.sqm
2008-05-21 22:28 . 2008-05-21 22:28   268   --ah-----   C:\sqmdata17.sqm
2008-05-21 22:28 . 2008-05-21 22:28   244   --ah-----   C:\sqmnoopt17.sqm
2008-05-20 17:02 . 2008-05-20 17:02   268   --ah-----   C:\sqmdata16.sqm
2008-05-20 17:02 . 2008-05-20 17:02   244   --ah-----   C:\sqmnoopt16.sqm
2008-05-19 20:26 . 2008-05-19 20:26   268   --ah-----   C:\sqmdata15.sqm
2008-05-19 20:26 . 2008-05-19 20:26   244   --ah-----   C:\sqmnoopt15.sqm
2008-05-19 16:04 . 2008-05-19 16:04   268   --ah-----   C:\sqmdata14.sqm
2008-05-19 16:04 . 2008-05-19 16:04   244   --ah-----   C:\sqmnoopt14.sqm
2008-05-19 05:58 . 2008-05-19 05:58   268   --ah-----   C:\sqmdata13.sqm
2008-05-19 05:58 . 2008-05-19 05:58   244   --ah-----   C:\sqmnoopt13.sqm
2008-05-18 22:59 . 2008-05-18 22:59   268   --ah-----   C:\sqmdata12.sqm
2008-05-18 22:58 . 2008-05-18 22:58   244   --ah-----   C:\sqmnoopt12.sqm
2008-05-17 23:20 . 2008-05-30 12:25   268   --ah-----   C:\sqmdata11.sqm
2008-05-17 23:20 . 2008-05-30 12:25   244   --ah-----   C:\sqmnoopt11.sqm
2008-05-17 00:09 . 2008-05-30 12:18   268   --ah-----   C:\sqmdata10.sqm
2008-05-17 00:09 . 2008-05-30 12:18   244   --ah-----   C:\sqmnoopt10.sqm
2008-05-13 18:25 . 2008-05-13 18:25   <DIR>   d--------   C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47 . 2008-05-11 21:47   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47 . 2008-05-11 21:47   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45 . 2008-05-11 21:45   <DIR>   d--------   C:\Program Files\GameHouse
2008-05-11 21:45 . 2008-05-11 21:45   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-07 17:43 . 2004-05-14 16:53   462,848   --a------   C:\WINDOWS\system32\ltkrn13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   450,560   --a------   C:\WINDOWS\system32\ltimg13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   401,408   --a------   C:\WINDOWS\system32\lfcmp13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   299,008   --a------   C:\WINDOWS\system32\ltdis13n.dll
2008-05-07 17:43 . 2004-01-12 02:09   206,336   --a------   C:\WINDOWS\system32\ltefx13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   163,840   --a------   C:\WINDOWS\system32\ltfil13n.dll
2008-05-07 17:43 . 2003-11-04 15:10   69,632   --a------   C:\WINDOWS\system32\lfgif13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   57,344   --a------   C:\WINDOWS\system32\lfbmp13n.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 02:00   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-31 14:23   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 14:22   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-05-31 03:16   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-31 02:43   89,049   ----a-w   C:\WINDOWS\system32\vbpdtvdp.exe
2008-05-31 02:43   41,984   ----a-w   C:\WINDOWS\mrofinu1000106.exe
2008-05-22 22:08   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-20 01:35   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 21:18   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-06 21:17   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 12:16   ---------   d-----w   C:\Program Files\Windows Live
2008-05-02 13:34   ---------   d-----w   C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 13:33   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2008-05-02 13:30   ---------   d-----w   C:\Program Files\Windows Live Favorites
2008-05-02 13:15   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 23:13   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-26 14:42   ---------   d-----w   C:\Program Files\Oberon Media
2008-04-25 11:52   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-23 00:17   ---------   d-----w   C:\Program Files\Coupons
2008-04-19 18:06   ---------   d-----w   C:\Program Files\Microsoft Works
2008-04-16 22:26   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 22:26   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 22:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-15 00:36   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-14 10:42   985,088   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42   11,264   ----a-w   C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41   423,936   ----a-w   C:\WINDOWS\system32\licdll.dll
2008-04-14 00:32   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-14 00:25   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16   329,728   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11   997,376   ----a-w   C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-13 22:10   ---------   d-----w   C:\Program Files\LimeWire
2008-04-13 22:05   ---------   d-----w   C:\Program Files\Incomplete
2008-04-13 21:56   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-13 21:00   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27   2,188,928   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18   52,480   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15   64,512   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00   30,080   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56   12,288   ----a-w   C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55   202,624   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55   14,592   ----a-w   C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54   11,264   ----a-w   C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53   71,552   ----a-w   C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53   40,320   ----a-w   C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53   36,608   ----a-w   C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53   264,832   ----a-w   C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51   61,824   ----a-w   C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51   60,800   ----a-w   C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51   59,904   ----a-w   C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51   55,808   ----a-w   C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51   101,120   ----a-w   C:\WINDOWS\system32\drivers\bthpan.sys
2005-07-29 21:24   472   --sha-r   C:\WINDOWS\RGVuc3RlZHRz\l3pRwal5tJlW.vbs
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{889FFD77-6071-4E87-B9C9-6C2289F74D02}]
2008-05-30 21:48   276480   --a------   C:\WINDOWS\system32\cbXRIyxU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"gStart"="C:\Garmin\gStart.exe" [2007-08-23 05:58 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"="C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 19:17 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]

C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-03-31 19:11:12 1078]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 00:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-02 23:59:11 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 16:31:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-31 15:22:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 20:03:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\iexplorer.exe 25856 bytes
C:\WINDOWS\explore.exe 9472 bytes
C:\WINDOWS\default.htm 1853 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\vbpdtvdp.exe
C:\WINDOWS\TEMP\AKEE37.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTUpd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\TVR\TVR\RecSche.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-02 20:18:07 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-03 01:17:32

Pre-Run: 26,249,859,072 bytes free
Post-Run: 26,366,214,144 bytes free

437   --- E O F ---   2008-05-16 04:30:02

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #5 on: June 02, 2008, 09:24:44 PM »
One more scan please.

Download Malwarebytes' Anti-Malware from Here or Here.
Save the installer to the desktop.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After you post that log, also post another fresh HijackThis log.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline weasel096

  • Jr. Member
  • **
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« Reply #6 on: June 03, 2008, 08:42:32 PM »
Here are the logs that you requested.

Malwarebytes' Anti-Malware 1.14
Database version: 818

8:30:01 PM 6/3/2008
mbam-log-6-3-2008 (20-30-01).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 113891
Time elapsed: 1 hour(s), 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 10
Files Infected: 170

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sm_ie_monitor.ie_monitor (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SpyMaxx (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\vbpdtvdp.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ITMP (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJArqqR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qkhsuygq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMcyVNG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\udchydlh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP1\A0001027.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001041.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001044.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001045.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001052.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001058.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001202.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0001204.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{31D302E6-FC7F-4E76-9EE5-EB368B495A2F}\RP2\A0003653.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1188.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLecyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ours\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbpdtvdp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRIyxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:32 PM, on 6/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\TEMP\ZWED58.EXE
C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 14257 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #7 on: June 03, 2008, 08:57:39 PM »
Can you delete your copy of Combofix? I want to ensure we have the most up-to-date copy.
Download a fresh copy from here>> - Combofix.exe and save it ONLY to your desktop

Don't run it yet

Again, Temporarily disable AV and Spyware protection programs

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)


After you have ticked the above entries, close all other open windows, including this one. It's important that you have all Internet Explorer windows closed at this point.
Leave Hijackthis open and click FIX CHECKED.
OK the prompt and exit Hijackthis.

Double click to run Combofix.exe again
Follow prompts

Double click on ComboFix.exe to run the program
Follow the prompts

Post back the log from ComboFix that will open along with a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline weasel096

  • Jr. Member
  • **
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« Reply #8 on: June 03, 2008, 09:52:36 PM »
New logs..

ComboFix 08-06-03.1 - Ours 2008-06-03 21:43:36.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.348 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-05-04 to 2008-06-04  )))))))))))))))))))))))))))))))
.

2008-06-03 16:15 . 2008-06-03 16:15   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-06-03 16:15   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-03 16:14 . 2008-06-03 16:14   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-05-30 01:06   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-03 16:14 . 2008-05-30 01:06   15,864   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 20:39 . 2008-06-01 20:39   <DIR>   d--------   C:\Deckard
2008-05-31 10:54 . 2008-05-31 11:25   <DIR>   d--------   C:\Program Files\Norton AntiVirus
2008-05-31 10:37 . 2008-05-31 10:45   8,002,338,816   --ahs----   C:\gobackio.bin
2008-05-31 10:36 . 2008-05-31 10:36   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-31 10:19 . 2008-05-31 11:29   <DIR>   d--------   C:\Program Files\Norton SystemWorks
2008-05-31 10:09 . 2008-05-31 11:00   109,744   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 10:09 . 2008-05-31 11:00   48,824   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 10:09 . 2008-05-31 11:00   8,014   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 10:09 . 2008-05-31 11:00   805   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:59 . 2008-05-31 11:00   <DIR>   d--------   C:\Program Files\Symantec
2008-05-31 09:57 . 2008-05-31 11:03   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48 . 2008-06-03 21:38   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12 . 2008-05-31 09:12   0   --a------   C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12 . 2008-05-31 09:12   0   --a------   C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00 . 2008-05-31 09:00   <DIR>   d--------   C:\Program Files\CheckIt
2008-05-31 08:55 . 2008-05-31 08:55   15,360   --a------   C:\WINDOWS\mssys.exe
2008-05-31 00:00 . 2008-05-31 00:00   29,952   --a------   C:\WINDOWS\msupdate.exe
2008-05-30 22:00 . 2008-05-30 22:00   401,972   --a------   C:\WINDOWS\system32\g3.exe
2008-05-30 21:44 . 2008-05-30 21:44   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43 . 2008-06-02 19:43   <DIR>   d--------   C:\WINDOWS\system32\vntiho05
2008-05-30 21:43 . 2008-05-30 23:38   <DIR>   d--------   C:\WINDOWS\system32\Ucom1
2008-05-30 21:43 . 2008-05-30 21:43   <DIR>   d--------   C:\WINDOWS\system32\sIE6
2008-05-30 21:43 . 2008-06-02 19:39   <DIR>   d--------   C:\WINDOWS\system32\evd2
2008-05-30 21:43 . 2008-06-02 19:38   <DIR>   d--------   C:\WINDOWS\system32\Dev3
2008-05-30 21:43 . 2008-06-02 19:37   <DIR>   d--------   C:\WINDOWS\system32\4026c
2008-05-30 21:43 . 2008-06-03 18:03   <DIR>   d--------   C:\WINDOWS\RGVuc3RlZHRz
2008-05-30 21:43 . 2008-05-30 21:43   4   --a------   C:\WINDOWS\system32\hljwugsf.bin
2008-05-30 12:20 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-05-30 12:20 . 2008-05-31 21:16   <DIR>   d--------   C:\Program Files\iTunes
2008-05-30 12:20 . 2008-05-31 21:15   <DIR>   d--------   C:\Program Files\iPod
2008-05-30 12:20 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-05-30 03:34 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\iPod(2)
2008-05-30 03:33 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\iTunes(2)
2008-05-30 03:12 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\Apple Software Update(2)
2008-05-22 22:36 . 2008-05-22 22:36   268   --ah-----   C:\sqmdata19.sqm
2008-05-22 22:36 . 2008-05-22 22:36   244   --ah-----   C:\sqmnoopt19.sqm
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\en
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-05-22 19:48 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-05-22 19:39 . 2008-05-22 19:39   <DIR>   d--------   C:\WINDOWS\EHome
2008-05-22 19:27 . 2008-04-13 19:12   4,274,816   --a------   C:\WINDOWS\system32\nv4_disp.dll
2008-05-22 19:26 . 2008-04-13 19:11   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-05-22 19:25 . 2008-04-13 19:11   136,192   --a------   C:\WINDOWS\system32\aaclient.dll
2008-05-22 19:25 . 2008-04-13 19:11   4,255   --a------   C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,967   --a------   C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,775   --a------   C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,711   --a------   C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,647   --a------   C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,615   --a------   C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,135   --a------   C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-05-22 18:25 . 2008-05-22 18:25   268   --ah-----   C:\sqmdata18.sqm
2008-05-22 18:25 . 2008-05-22 18:25   244   --ah-----   C:\sqmnoopt18.sqm
2008-05-21 22:28 . 2008-05-21 22:28   268   --ah-----   C:\sqmdata17.sqm
2008-05-21 22:28 . 2008-05-21 22:28   244   --ah-----   C:\sqmnoopt17.sqm
2008-05-20 17:02 . 2008-05-20 17:02   268   --ah-----   C:\sqmdata16.sqm
2008-05-20 17:02 . 2008-05-20 17:02   244   --ah-----   C:\sqmnoopt16.sqm
2008-05-19 20:26 . 2008-05-19 20:26   268   --ah-----   C:\sqmdata15.sqm
2008-05-19 20:26 . 2008-05-19 20:26   244   --ah-----   C:\sqmnoopt15.sqm
2008-05-19 16:04 . 2008-05-19 16:04   268   --ah-----   C:\sqmdata14.sqm
2008-05-19 16:04 . 2008-05-19 16:04   244   --ah-----   C:\sqmnoopt14.sqm
2008-05-19 05:58 . 2008-05-19 05:58   268   --ah-----   C:\sqmdata13.sqm
2008-05-19 05:58 . 2008-05-19 05:58   244   --ah-----   C:\sqmnoopt13.sqm
2008-05-18 22:59 . 2008-05-18 22:59   268   --ah-----   C:\sqmdata12.sqm
2008-05-18 22:58 . 2008-05-18 22:58   244   --ah-----   C:\sqmnoopt12.sqm
2008-05-17 23:20 . 2008-05-30 12:25   268   --ah-----   C:\sqmdata11.sqm
2008-05-17 23:20 . 2008-05-30 12:25   244   --ah-----   C:\sqmnoopt11.sqm
2008-05-17 00:09 . 2008-05-30 12:18   268   --ah-----   C:\sqmdata10.sqm
2008-05-17 00:09 . 2008-05-30 12:18   244   --ah-----   C:\sqmnoopt10.sqm
2008-05-13 18:25 . 2008-05-13 18:25   <DIR>   d--------   C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47 . 2008-05-11 21:47   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47 . 2008-05-11 21:47   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45 . 2008-05-11 21:45   <DIR>   d--------   C:\Program Files\GameHouse
2008-05-11 21:45 . 2008-05-11 21:45   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-07 17:43 . 2004-05-14 16:53   462,848   --a------   C:\WINDOWS\system32\ltkrn13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   450,560   --a------   C:\WINDOWS\system32\ltimg13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   401,408   --a------   C:\WINDOWS\system32\lfcmp13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   299,008   --a------   C:\WINDOWS\system32\ltdis13n.dll
2008-05-07 17:43 . 2004-01-12 02:09   206,336   --a------   C:\WINDOWS\system32\ltefx13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   163,840   --a------   C:\WINDOWS\system32\ltfil13n.dll
2008-05-07 17:43 . 2003-11-04 15:10   69,632   --a------   C:\WINDOWS\system32\lfgif13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   57,344   --a------   C:\WINDOWS\system32\lfbmp13n.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 02:00   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-31 14:23   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 14:22   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-05-31 03:16   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 22:08   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-20 01:35   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 21:18   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-06 21:17   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 12:16   ---------   d-----w   C:\Program Files\Windows Live
2008-05-02 13:34   ---------   d-----w   C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 13:33   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2008-05-02 13:30   ---------   d-----w   C:\Program Files\Windows Live Favorites
2008-05-02 13:15   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 23:13   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-26 14:42   ---------   d-----w   C:\Program Files\Oberon Media
2008-04-25 11:52   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-23 00:17   ---------   d-----w   C:\Program Files\Coupons
2008-04-19 18:06   ---------   d-----w   C:\Program Files\Microsoft Works
2008-04-16 22:26   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 22:26   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 22:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-15 00:36   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-14 10:42   985,088   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42   11,264   ----a-w   C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41   423,936   ----a-w   C:\WINDOWS\system32\licdll.dll
2008-04-14 00:32   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-14 00:25   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16   329,728   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11   997,376   ----a-w   C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-13 22:10   ---------   d-----w   C:\Program Files\LimeWire
2008-04-13 22:05   ---------   d-----w   C:\Program Files\Incomplete
2008-04-13 21:56   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-13 21:00   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27   2,188,928   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18   52,480   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15   64,512   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00   30,080   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56   12,288   ----a-w   C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55   202,624   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55   14,592   ----a-w   C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54   11,264   ----a-w   C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53   71,552   ----a-w   C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53   40,320   ----a-w   C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53   36,608   ----a-w   C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53   264,832   ----a-w   C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51   61,824   ----a-w   C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51   60,800   ----a-w   C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51   59,904   ----a-w   C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51   55,808   ----a-w   C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51   101,120   ----a-w   C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47   25,856   ----a-w   C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45   60,160   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-02_20.16.44.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 00:52:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-04 01:36:14   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-05-24 13:43:35   278,528   ----a-w   C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-06-04 02:42:42   278,528   ----a-w   C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"="C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 19:17 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]

C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-03-31 19:11:12 1078]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 00:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 01:59:13 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 16:31:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-31 15:22:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 21:50:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 21:57:07
ComboFix-quarantined-files.txt  2008-06-04 02:56:41
ComboFix2.txt  2008-06-03 01:18:11

Pre-Run: 26,302,103,552 bytes free
Post-Run: 26,290,958,336 bytes free

318   --- E O F ---   2008-05-16 04:30:02




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:42 PM, on 6/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 12167 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #9 on: June 03, 2008, 10:32:49 PM »
Access your Add and Remove programs and remove this older version of Java
J2SE Runtime Environment 5.0 Update 3

Don't reboot the computer, instead

==Open Notepad
Copy ALL the BLUE text below and paste it into Notepad
Don't use anything other than Notepad, or the script will not work
[color="#0000FF"]File::
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\system32\g3.exe
C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
Folder::
C:\Program Files\Coupons
C:\WINDOWS\system32\vntiho05
C:\WINDOWS\system32\Ucom1
C:\WINDOWS\system32\sIE6
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\4026c
C:\WINDOWS\RGVuc3RlZHRz
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"=-

[/color]
Save this as a text file on your desktop and name it:
CFScript

Again, ensure Protection software is disabled

Drag CFScript.txt into ComboFix.exe
ComboFix will start >> Follow the prompts

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you with the name C:\ComboFix.txt.
I'll need to see that log


Post back all the following:

1. Post the log from ComboFix that opens
2. Post a fresh Hijackthis log


Let me know how things are running please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
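The CFScript above uses ComboFix's three section headers (File::, Folder::, Registry::) with .reg-style value deletion under the registry key. As an added example, not part of this thread and not code from ComboFix or HijackThis, here is a small Python parser for that format together with a check of a HijackThis log against it: it confirms which O4 Run entries a script targets and flags the pattern the helper removed here (a Run value whose name is a bare GUID, launching Rundll32 on a GUID-named DLL). The sample script and log lines are constructed from entries visible in this thread; all function names are my own.

```python
import re

# Constructed sample CFScript, trimmed from the one posted above.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
Folder::
C:\Program Files\Coupons
C:\WINDOWS\RGVuc3RlZHRz
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}"=-
"""

# Constructed HijackThis excerpts: before the fix (entry present) and after.
HJT_BEFORE = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
HJT_AFTER = r"""O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
"""

GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# O4 lines: "O4 - HKLM\..\Run: [name] command", optionally with a SID or .DEFAULT
# between the hive and "\..\" as HijackThis prints for HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\S-[\d-]+|\\\.DEFAULT)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def parse_cfscript(text):
    """Split a CFScript into sections.

    File:: and Folder:: become lists of paths. Registry:: uses .reg syntax:
    "[key]" selects a key, "name"=- marks the value for deletion (stored as
    None) and "name"="x" sets it.
    """
    sections = {"File": [], "Folder": [], "Registry": {}}
    current, reg_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            if current != "Registry":
                sections.setdefault(current, [])
            continue
        if current == "Registry":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]
                sections["Registry"].setdefault(reg_key, {})
            elif reg_key is not None:
                m = re.match(r'^"(?P<name>[^"]+)"=(?P<val>.*)$', line)
                if m:
                    val = m.group("val")
                    sections["Registry"][reg_key][m.group("name")] = (
                        None if val == "-" else val.strip('"'))
        elif current is not None:
            sections[current].append(line)
    return sections


def hjt_run_entries(log_text):
    """Return the O4 Run/RunServices entries of a HijackThis log as dicts."""
    return [m.groupdict() for m in map(O4_RE.match, log_text.splitlines()) if m]


def check_log_against_script(script, log_text):
    """Names of the Run entries in the log that the script would remove,
    either by deleting the registry value or by deleting the file it runs."""
    deleted = {n.lower() for vals in script["Registry"].values()
               for n, v in vals.items() if v is None}
    files = {f.lower() for f in script["File"]}
    hits = []
    for e in hjt_run_entries(log_text):
        if e["name"].lower() in deleted or any(f in e["cmd"].lower() for f in files):
            hits.append(e["name"])
    return hits


def looks_like_guid_rundll32_loader(entry):
    """Heuristic taken from the entry removed in this thread: a GUID-named Run
    value whose command is rundll32 loading a GUID-named DLL."""
    cmd = entry["cmd"].lower()
    return (bool(GUID_RE.match(entry["name"])) and "rundll32" in cmd
            and re.search(r"\{[0-9a-f-]{36}\}\.dll", cmd) is not None)


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    print("targeted before fix:", check_log_against_script(script, HJT_BEFORE))
    print("targeted after fix: ", check_log_against_script(script, HJT_AFTER))
    print("suspicious loaders: ",
          [e["name"] for e in hjt_run_entries(HJT_BEFORE) if looks_like_guid_rundll32_loader(e)])
```

Running the block on the constructed samples reports the GUID-named entry as targeted in the "before" log and nothing in the "after" log, which is the same check a helper does by eye when comparing the two HijackThis logs posted in this thread.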


Offline weasel096

  • Jr. Member
  • **
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« Reply #10 on: June 04, 2008, 05:17:39 PM »
Computer is still running slow. Takes about 25 min for it to fully start up. Opening up an internet window takes about 7 min. Now I have shadows and blurs by all letters and pics.

New logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:58 PM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 12108 bytes



ComboFix 08-06-03.1 - Ours 2008-06-04 16:38:43.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.239 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ours\Desktop\CFScript.txt
 * Created a new restore point

[color="red"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll
C:\WINDOWS\system32\g3.exe
C:\WINDOWS\system32\hljwugsf.bin
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Coupons
C:\Program Files\Coupons\Coupons.com.url
C:\Program Files\Coupons\uninstall.exe
C:\Program Files\Coupons\Uninstall\IRIMG1.JPG
C:\Program Files\Coupons\Uninstall\IRIMG2.JPG
C:\Program Files\Coupons\Uninstall\IRIMG3.JPG
C:\Program Files\Coupons\Uninstall\IRIMG4.JPG
C:\Program Files\Coupons\Uninstall\IRIMG5.JPG
C:\Program Files\Coupons\Uninstall\IRIMG6.JPG
C:\Program Files\Coupons\Uninstall\IRIMG7.JPG
C:\Program Files\Coupons\Uninstall\IRIMG8.JPG
C:\Program Files\Coupons\Uninstall\uninstall.dat
C:\Program Files\Coupons\Uninstall\uninstall.xml
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmdata13.sqm
C:\sqmdata14.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt13.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\RGVuc3RlZHRz
C:\WINDOWS\RGVuc3RlZHRz\TmEncryptTemp.000
C:\WINDOWS\system32\4026c
C:\WINDOWS\system32\Dev3
C:\WINDOWS\system32\evd2
C:\WINDOWS\system32\g3.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\sIE6
C:\WINDOWS\system32\sIE6\patdll190.exe
C:\WINDOWS\system32\Ucom1
C:\WINDOWS\system32\vntiho05

.
(((((((((((((((((((((((((   Files Created from 2008-05-04 to 2008-06-04  )))))))))))))))))))))))))))))))
.

2008-06-03 22:11 . 2008-06-03 22:11   <DIR>   d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15 . 2008-06-03 16:15   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-06-03 16:15   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-06-03 16:14 . 2008-06-03 16:14   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14 . 2008-05-30 01:06   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-03 16:14 . 2008-05-30 01:06   15,864   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 20:39 . 2008-06-01 20:39   <DIR>   d--------   C:\Deckard
2008-05-31 10:54 . 2008-05-31 11:25   <DIR>   d--------   C:\Program Files\Norton AntiVirus
2008-05-31 10:37 . 2008-05-31 10:45   8,002,338,816   --ahs----   C:\gobackio.bin
2008-05-31 10:36 . 2008-05-31 10:36   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2008-05-31 10:19 . 2008-05-31 11:29   <DIR>   d--------   C:\Program Files\Norton SystemWorks
2008-05-31 10:09 . 2008-05-31 11:00   109,744   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 10:09 . 2008-05-31 11:00   48,824   --a------   C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 10:09 . 2008-05-31 11:00   8,014   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 10:09 . 2008-05-31 11:00   805   --a------   C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 09:59 . 2008-05-31 11:00   <DIR>   d--------   C:\Program Files\Symantec
2008-05-31 09:57 . 2008-05-31 11:03   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48 . 2008-06-04 16:12   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12 . 2008-05-31 09:12   0   --a------   C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12 . 2008-05-31 09:12   0   --a------   C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00 . 2008-05-31 09:00   <DIR>   d--------   C:\Program Files\CheckIt
2008-05-30 21:44 . 2008-05-30 21:44   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 12:20 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\QuickTime
2008-05-30 12:20 . 2008-05-31 21:16   <DIR>   d--------   C:\Program Files\iTunes
2008-05-30 12:20 . 2008-05-31 21:15   <DIR>   d--------   C:\Program Files\iPod
2008-05-30 12:20 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-05-30 03:34 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\iPod(2)
2008-05-30 03:33 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\iTunes(2)
2008-05-30 03:12 . 2008-05-30 12:20   <DIR>   d--------   C:\Program Files\Apple Software Update(2)
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\en
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-05-22 19:52 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-05-22 19:48 . 2008-05-22 19:52   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-05-22 19:39 . 2008-05-22 19:39   <DIR>   d--------   C:\WINDOWS\EHome
2008-05-22 19:27 . 2008-04-13 19:12   4,274,816   --a------   C:\WINDOWS\system32\nv4_disp.dll
2008-05-22 19:26 . 2008-04-13 19:11   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-05-22 19:25 . 2008-04-13 19:11   136,192   --a------   C:\WINDOWS\system32\aaclient.dll
2008-05-22 19:25 . 2008-04-13 19:11   4,255   --a------   C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,967   --a------   C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,775   --a------   C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,711   --a------   C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,647   --a------   C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,615   --a------   C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-05-22 19:25 . 2008-04-13 19:11   3,135   --a------   C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-05-13 18:25 . 2008-05-13 18:25   <DIR>   d--------   C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47 . 2008-05-11 21:47   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47 . 2008-05-11 21:47   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45 . 2008-05-11 21:45   <DIR>   d--------   C:\Program Files\GameHouse
2008-05-11 21:45 . 2008-05-11 21:45   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-07 17:43 . 2004-05-14 16:53   462,848   --a------   C:\WINDOWS\system32\ltkrn13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   450,560   --a------   C:\WINDOWS\system32\ltimg13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   401,408   --a------   C:\WINDOWS\system32\lfcmp13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   299,008   --a------   C:\WINDOWS\system32\ltdis13n.dll
2008-05-07 17:43 . 2004-01-12 02:09   206,336   --a------   C:\WINDOWS\system32\ltefx13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   163,840   --a------   C:\WINDOWS\system32\ltfil13n.dll
2008-05-07 17:43 . 2003-11-04 15:10   69,632   --a------   C:\WINDOWS\system32\lfgif13n.dll
2008-05-07 17:43 . 2004-05-14 16:53   57,344   --a------   C:\WINDOWS\system32\lfbmp13n.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 21:28   ---------   d-----w   C:\Program Files\Java
2008-06-01 02:00   ---------   d-----w   C:\Program Files\Trend Micro
2008-05-31 14:23   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-31 14:22   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-05-31 03:16   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 22:08   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-20 01:35   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-06 21:18   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-06 21:17   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 12:16   ---------   d-----w   C:\Program Files\Windows Live
2008-05-02 13:34   ---------   d-----w   C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 13:33   ---------   d-----w   C:\Program Files\Windows Live Toolbar
2008-05-02 13:30   ---------   d-----w   C:\Program Files\Windows Live Favorites
2008-05-02 13:15   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-01 23:13   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-26 14:42   ---------   d-----w   C:\Program Files\Oberon Media
2008-04-25 11:52   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PopCap
2008-04-19 18:06   ---------   d-----w   C:\Program Files\Microsoft Works
2008-04-16 22:26   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 22:26   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 22:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-15 00:36   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-14 10:42   985,088   ----a-w   C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42   11,264   ----a-w   C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41   423,936   ----a-w   C:\WINDOWS\system32\licdll.dll
2008-04-14 00:32   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-04-14 00:25   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16   329,728   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11   997,376   ----a-w   C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-13 22:10   ---------   d-----w   C:\Program Files\LimeWire
2008-04-13 22:05   ---------   d-----w   C:\Program Files\Incomplete
2008-04-13 21:56   ---------   d-----w   C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-13 21:00   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27   2,188,928   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18   52,480   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15   64,512   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00   30,080   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56   12,288   ----a-w   C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55   202,624   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55   14,592   ----a-w   C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54   11,264   ----a-w   C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53   71,552   ----a-w   C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53   40,320   ----a-w   C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53   36,608   ----a-w   C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53   264,832   ----a-w   C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51   61,824   ----a-w   C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51   60,800   ----a-w   C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51   59,904   ----a-w   C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51   55,808   ----a-w   C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51   101,120   ----a-w   C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47   25,856   ----a-w   C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45   60,160   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-06-02_20.16.44.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 00:52:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-04 20:58:42   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
- 2008-05-24 13:43:35   278,528   ----a-w   C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-06-04 02:42:42   278,528   ----a-w   C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LvHidSvc"="C:\WINDOWS\system32\lvhidsvc.exe" [2004-10-10 19:17 33280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]

C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [2008-03-31 19:11:12 1078]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [1999-09-04 17:23:00 53317]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]

*Newly Created Service* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 00:53:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 21:59:10 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 16:31:08 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-05-31 15:22:31 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 16:59:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04 17:14:12
ComboFix-quarantined-files.txt  2008-06-04 22:13:41
ComboFix2.txt  2008-06-04 02:57:09
ComboFix3.txt  2008-06-03 01:18:11

Pre-Run: 26,206,150,656 bytes free
Post-Run: 26,200,821,760 bytes free

364   --- E O F ---   2008-06-04 03:11:49

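The ComboFix "Reg Loading Points" section above is where the security-relevant findings of this log sit: the Security Center overrides, the per-product `DisableMonitoring` values and `EnableFirewall`=0 for the standard profile. As an added check written for this page (it is example code, not code from the thread, from ComboFix, or from Symantec or Trend Micro), the script below parses the REGEDIT4-style dump and the `firewallpolicy` lines that ComboFix prints and lists those tamper indicators. The sample input is constructed from lines copied out of the log; `parse_reg_dump`, `reg_int`, `find_tamper_indicators`, `triage` and `WSC_OVERRIDES` are the example's own names.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for
Security Center and Windows Firewall tampering.

Added example for this page: not code from the thread, from ComboFix or
from any vendor named in the log.  It assumes only the layout ComboFix
uses above (a REGEDIT4-style dump followed by 'firewallpolicy' lines).
"""
import re
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the ComboFix log in this
# thread, trimmed to the keys the checks below look at.  Raw string, so
# the backslashes are literal, exactly as in the log.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"""

_SECTION_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] header to its "name"=value pairs (values kept raw)."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "REGEDIT4":
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def reg_int(raw: str) -> Optional[int]:
    """Integer for 'dword:00000001' or ComboFix's '0 (0x0)' form; None for strings."""
    m = re.fullmatch(r"dword:([0-9A-Fa-f]{1,8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)(?:\s*\(0x[0-9A-Fa-f]+\))?", raw)
    if m:
        return int(m.group(1))
    return None


# Values directly under ...\Security Center that silence its own state checks.
WSC_OVERRIDES = ("AntiVirusOverride", "FirewallOverride",
                 "AntiVirusDisableNotify", "FirewallDisableNotify",
                 "UpdatesDisableNotify")
_MONITORING = "\\security center\\monitoring"


def find_tamper_indicators(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """Return human-readable findings, in log order.  These are leads, not
    verdicts: suites normally write DisableMonitoring under their own
    Monitoring subkey, so reconcile each line against what is installed."""
    findings: List[str] = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("\\security center"):
            for name in WSC_OVERRIDES:
                v = reg_int(values.get(name, ""))
                if v:
                    findings.append(f"Security Center override: {name}={v}")
        elif _MONITORING in k:
            if reg_int(values.get("DisableMonitoring", "")) == 1:
                tail = key[k.index(_MONITORING) + len(_MONITORING):].strip("\\")
                findings.append("Security Center monitoring disabled: "
                                + (tail or "all products"))
        elif "firewallpolicy" in k and k.endswith("profile"):
            if reg_int(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall disabled: " + key.rsplit("\\", 1)[-1])
    return findings


def triage(log_text: str) -> List[str]:
    """Parse a ComboFix 'Reg Loading Points' excerpt and list its indicators."""
    return find_tamper_indicators(parse_reg_dump(log_text))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Treat the output as leads to reconcile, not as a verdict. Security suites commonly set DisableMonitoring under their own Monitoring subkey when they register with Security Center, and this log shows two suites (Symantec and Trend Micro), so a pair of such entries is expected; EnableFirewall=0 is likewise normal when a third-party firewall has replaced the Windows Firewall. What the check buys is that every one of these settings is listed in one place, so that after one suite is uninstalled, as the next reply advises, a fresh log can be compared against this one and any override nothing installed accounts for stands out.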
Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #11 on: June 04, 2008, 05:36:21 PM »
I do notice you possibly have 2 antivirus programs and 2 software firewalls installed,
Symantec's and Trend Micro's.
Having more than one can cause system instability and slowness.

Sometimes it's not enough to just try to disable one and use the other.
Uninstalling one may be the best course.

Try removing one of the security suites you have installed, then reboot afterwards.
Come back,
run dss.exe from the desktop again, and post the new log from the Main.txt that opens.
« Last Edit: June 04, 2008, 05:36:38 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted at http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline weasel096

  • Jr. Member
  • **
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« Reply #12 on: June 04, 2008, 07:05:02 PM »
I took out an AV and it's a bit faster. No more popups. Much better. Anything else?



Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-04 19:06:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ours.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:02 PM, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! 工具列 (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11527 bytes

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-03 22:11:47         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15:36         0 d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14:53         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14:48         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:19:27     68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:27     80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 19:19:26     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 19:19:26     98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 19:19:26     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 19:19:25    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 19:19:25    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 10:54:25         0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40         0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47         0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 09:59:45         0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00:11         0 d-------- C:\Program Files\CheckIt
2008-05-30 22:01:53         0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:20     22784 --a------ C:\WINDOWS\xplugin.dll
2008-05-30 22:01:19     23808 --a------ C:\WINDOWS\winmgnt.exe
2008-05-30 22:01:19     16640 --a------ C:\WINDOWS\window.exe
2008-05-30 22:01:19     25856 --a------ C:\WINDOWS\winajbm.dll
2008-05-30 22:01:18      9984 --a------ C:\WINDOWS\win64.exe
2008-05-30 22:01:18     23552 --a------ C:\WINDOWS\win32e.exe
2008-05-30 22:01:18     30720 --a------ C:\WINDOWS\wEmail Removedexe
2008-05-30 22:01:18     19456 --a------ C:\WINDOWS\users32.exe
2008-05-30 22:01:18     28672 --a------ C:\WINDOWS\time.exe
2008-05-30 22:01:17     26624 --a------ C:\WINDOWS\systemcritical.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\systeem.exe
2008-05-30 22:01:17     15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16     27136 --a------ C:\WINDOWS\searchword.dll
2008-05-30 22:01:16     23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\quicken.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:16     24832 --a------ C:\WINDOWS\olehelp.exe
2008-05-30 22:01:15     22272 --a------ C:\WINDOWS\notepad32.exe
2008-05-30 22:01:15     12032 --a------ C:\WINDOWS\mtwirl32.dll
2008-05-30 22:01:15     29952 --a------ C:\WINDOWS\mswsc20.dll
2008-05-30 22:01:15     15616 --a------ C:\WINDOWS\mswsc10.dll
2008-05-30 22:01:14     18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:14     17920 --a------ C:\WINDOWS\msconfd.dll
2008-05-30 22:01:13     24064 --a------ C:\WINDOWS\inetinf.exe
2008-05-30 22:01:13     28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:13     31744 --a------ C:\WINDOWS\helpcvs.exe
2008-05-30 22:01:12     15616 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-30 22:01:12     11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12     20736 --a------ C:\WINDOWS\funniest.exe
2008-05-30 22:01:12     27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:11     14080 --a------ C:\WINDOWS\editpad.exe
2008-05-30 22:01:11     14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11     15616 --a------ C:\WINDOWS\directx32.exe
2008-05-30 22:01:11     22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-30 22:01:11     28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 22:01:11     13056 --a------ C:\WINDOWS\cpan.dll
2008-05-30 22:01:10     27136 --a------ C:\WINDOWS\clrssn.exe
2008-05-30 22:01:10     20736 --a------ C:\WINDOWS\avpcc.dll
2008-05-30 22:01:10     11776 --a------ C:\WINDOWS\accesss.exe
2008-05-30 21:45:39         0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:01         0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:57         0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 12:20:39         0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31         0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15         0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12         0 d-------- C:\Program Files\iTunes
2008-05-30 03:34:03         0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54         0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20         0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-24 08:43:36   4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08         0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16         0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15         0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14         0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13         0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06         0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00         0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49         0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46         0 d-------- C:\Program Files\GameHouse
2008-05-06 16:18:48         0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-04 18:37:48         0 d-------- C:\Program Files\Trend Micro
2008-06-04 16:28:25         0 d-------- C:\Program Files\Java
2008-05-31 10:13:21         0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47         0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39         0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49         0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13         0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46         0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33         0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26         0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14         0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38         0 d-------- C:\Program Files\Windows Live
2008-05-02 08:34:42         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:33:08         0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-02 08:30:32         0 d-------- C:\Program Files\Windows Live Favorites
2008-05-01 18:13:53         0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35         0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50         0 d-------- C:\Program Files\Oberon Media
2008-04-19 13:06:23         0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24         0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16         0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16      1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56         0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38         0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25         0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07         0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52         0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13         0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25         0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31         0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57         0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54         0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 17:33:17         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 08:38:03         0 d-------- C:\Documents and Settings\Ours\Application Data\funkitron
2008-04-04 08:22:18         0 d-------- C:\Program Files\Common Files\Real
2008-04-04 08:22:17    774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-04 08:22:13         0 d-------- C:\Program Files\Real
2008-03-31 19:51:24     96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18      2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07       345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05         0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18      2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48      3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32    137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17    139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01    112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16     28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02         0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02         0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02         0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02         0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23     21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07        62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 07:10 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [3/31/2008 7:11:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/9/2002 10:53:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 5:23:00 PM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-04 19:10:06 ------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #13 on: June 04, 2008, 07:22:48 PM »
If you happen to have a version of SmitfraudFix, delete it.
Do the following:
Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We'll need this later.

Print this set of instructions, or save them to a text file on the desktop for reference.

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In safe mode:

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, reboot back to Normal Windows.
I'll need to see the log it generates later; by default it is located at C:\rapport.txt
============================================
Post back the following:

1. Post the report from Smitfraudfix>>C:\Rapport.txt
2. Again, run dss.exe and post a fresh log from Main.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


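Step 2 above asks for a fresh dss.exe log so the "Files created" section can be compared with the earlier one. The script below, an added example and not part of this thread or of Deckard's System Scanner, parses that section, finds bursts of files dropped into one directory within seconds of each other (the 2008-05-30 22:01 burst in C:\WINDOWS), flags names that imitate Windows binaries, and reports which burst files still appear in the follow-up log after SmitfraudFix ran. The sample log lines are copied from the logs in this thread; the known-binary list and the burst thresholds are the example's own assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# One DSS "Files created" line: timestamp, size, 9-char attribute field,
# path, optional "<Not Verified; vendor; description>" trailer.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([d\-rahsc]{9})\s+(.+?)(?:\s+<[^>]*>)?$"
)

Entry = namedtuple("Entry", "time size attrs path is_dir")

# Assumed list of legitimate Windows binary stems (example's own, not from DSS).
KNOWN_STEMS = {"notepad", "ctfmon", "explorer", "rundll32", "svchost", "lsass", "winlogon"}

# Constructed sample: a subset of the first DSS log posted in the thread.
BEFORE_LOG = r"""
2008-06-02 19:19:27     68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-30 22:01:53         0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:19     23808 --a------ C:\WINDOWS\winmgnt.exe
2008-05-30 22:01:18     19456 --a------ C:\WINDOWS\users32.exe
2008-05-30 22:01:17     15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16     23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:15     22272 --a------ C:\WINDOWS\notepad32.exe
2008-05-30 22:01:11     28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 22:01:10     11776 --a------ C:\WINDOWS\accesss.exe
"""

# Constructed sample: a subset of the second DSS log, taken after SmitfraudFix.
AFTER_LOG = r"""
2008-06-04 20:38:49      3010 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-02 19:19:27     68096 --a------ C:\WINDOWS\zip.exe
2008-05-30 22:01:17     15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16     23040 --a------ C:\WINDOWS\rundll16.exe
"""


def parse_created(text):
    """Parse 'Files created' lines into Entry tuples; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             int(size), attrs, path, attrs[0] == "d"))
    return entries


def _dirname(entry):
    return entry.path.rsplit("\\", 1)[0].lower()


def find_bursts(entries, window=timedelta(minutes=2), min_files=5):
    """Group files (not directories) created in the same directory within `window`
    of the previous file; return the groups with at least `min_files` members."""
    files = sorted((e for e in entries if not e.is_dir), key=lambda e: e.time)
    bursts, current = [], []
    for e in files:
        if current and e.time - current[-1].time <= window and _dirname(e) == _dirname(current[-1]):
            current.append(e)
        else:
            if len(current) >= min_files:
                bursts.append(current)
            current = [e]
    if len(current) >= min_files:
        bursts.append(current)
    return bursts


def lookalikes(entries):
    """Paths whose file name is a known binary stem plus a trailing number (notepad32.exe)."""
    hits = []
    for e in entries:
        stem = e.path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
        base = re.sub(r"\d+$", "", stem)
        if base in KNOWN_STEMS and stem != base:
            hits.append(e.path)
    return sorted(hits)


def survivors(after_entries, burst_paths):
    """Burst paths that are still listed in the follow-up log (case-insensitive)."""
    after = {e.path.lower() for e in after_entries}
    return sorted(p for p in burst_paths if p.lower() in after)


if __name__ == "__main__":
    before, after = parse_created(BEFORE_LOG), parse_created(AFTER_LOG)
    for burst in find_bursts(before):
        print(f"burst of {len(burst)} files in {_dirname(burst[0])} starting {burst[0].time}")
        print("  lookalike names:", lookalikes(burst))
        print("  still present after cleanup:", survivors(after, [e.path for e in burst]))
```

With the thresholds above, the eight 22:01 files form one burst while the two SteelWerX tools dropped at 19:19 do not, which is the distinction a helper reading the log makes by eye.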
Offline weasel096
I got a trojan
« Reply #14 on: June 04, 2008, 08:50:02 PM »
new logs for ya.



SmitFraudFix v2.323

Scan done at 20:38:37.50, Wed 06/04/2008
Run from C:\Documents and Settings\Ours\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\accesss.exe Deleted
C:\WINDOWS\astctl32.ocx Deleted
C:\WINDOWS\avpcc.dll Deleted
C:\WINDOWS\clrssn.exe Deleted
C:\WINDOWS\cpan.dll Deleted
C:\WINDOWS\mtwirl32.dll Deleted
C:\WINDOWS\notepad32.exe Deleted
C:\WINDOWS\olehelp.exe Deleted
C:\WINDOWS\systeem.exe Deleted
C:\WINDOWS\systemcritical.exe Deleted
C:\WINDOWS\time.exe Deleted
C:\WINDOWS\users32.exe Deleted
C:\WINDOWS\wEmail Removedexe Deleted
C:\WINDOWS\win32e.exe Deleted
C:\WINDOWS\win64.exe Deleted
C:\WINDOWS\winajbm.dll Deleted
C:\WINDOWS\window.exe Deleted
C:\WINDOWS\winmgnt.exe Deleted
C:\WINDOWS\xplugin.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer=208.38.65.37,208.38.65.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer=208.38.65.37,208.38.65.35
HKLM\SYSTEM\CS3\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer=208.38.65.37,208.38.65.35


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-04 20:52:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ours.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:23, on 6/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11049 bytes

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 20:38:49      3010 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 22:11:47         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15:36         0 d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14:53         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14:48         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:19:27     68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:27     80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 19:19:26     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 19:19:26     98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 19:19:26     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 19:19:25    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 19:19:25    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 10:54:25         0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40         0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47         0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 09:59:45         0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00:11         0 d-------- C:\Program Files\CheckIt
2008-05-30 22:01:53         0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:17     15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16     27136 --a------ C:\WINDOWS\searchword.dll
2008-05-30 22:01:16     23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\quicken.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:15     29952 --a------ C:\WINDOWS\mswsc20.dll
2008-05-30 22:01:15     15616 --a------ C:\WINDOWS\mswsc10.dll
2008-05-30 22:01:14     18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:14     17920 --a------ C:\WINDOWS\msconfd.dll
2008-05-30 22:01:13     24064 --a------ C:\WINDOWS\inetinf.exe
2008-05-30 22:01:13     28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:13     31744 --a------ C:\WINDOWS\helpcvs.exe
2008-05-30 22:01:12     15616 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-30 22:01:12     11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12     20736 --a------ C:\WINDOWS\funniest.exe
2008-05-30 22:01:12     27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:11     14080 --a------ C:\WINDOWS\editpad.exe
2008-05-30 22:01:11     14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11     15616 --a------ C:\WINDOWS\directx32.exe
2008-05-30 22:01:11     22016 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-30 22:01:11     28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 21:45:39         0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:01         0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:57         0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 12:20:39         0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31         0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15         0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12         0 d-------- C:\Program Files\iTunes
2008-05-30 03:34:03         0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54         0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20         0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-24 08:43:36   4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08         0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16         0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15         0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14         0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13         0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06         0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00         0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49         0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46         0 d-------- C:\Program Files\GameHouse
2008-05-06 16:18:48         0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-04 18:37:48         0 d-------- C:\Program Files\Trend Micro
2008-06-04 16:28:25         0 d-------- C:\Program Files\Java
2008-05-31 10:13:21         0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47         0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39         0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49         0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13         0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46         0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33         0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26         0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14         0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38         0 d-------- C:\Program Files\Windows Live
2008-05-02 08:34:42         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:33:08         0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-02 08:30:32         0 d-------- C:\Program Files\Windows Live Favorites
2008-05-01 18:13:53         0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35         0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50         0 d-------- C:\Program Files\Oberon Media
2008-04-19 13:06:23         0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24         0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16         0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16      1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56         0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38         0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25         0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07         0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52         0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13         0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25         0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31         0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57         0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54         0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 17:33:17         0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 08:38:03         0 d-------- C:\Documents and Settings\Ours\Application Data\funkitron
2008-04-04 08:22:18         0 d-------- C:\Program Files\Common Files\Real
2008-04-04 08:22:17    774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-04-04 08:22:13         0 d-------- C:\Program Files\Real
2008-03-31 19:51:24     96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18      2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07       345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05         0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18      2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48      3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32    137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17    139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01    112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16     28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02         0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02         0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02         0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02         0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23     21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07        62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 23:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 17:24]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 17:34]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 21:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 00:13]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 13:20]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 19:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 19:12]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [3/31/2008 7:11:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/9/2002 10:53:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 5:23:00 PM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-04 20:56:26 ------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • Posts: 16034
  • Karma: +1/-0
I got a trojan
« Reply #15 on: June 04, 2008, 09:45:47 PM »
Download [color="blue"]OTMoveIt2.exe[/color] by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the entries below in [color="#0000FF"]Blue[/color] to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"):

    ================================================

    [color="#0000FF"]C:\WINDOWS\system32\vntiho18
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\sistem.exe
    C:\WINDOWS\searchword.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\quicken.exe
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\mswsc20.dll
    C:\WINDOWS\mswsc10.dll
    C:\WINDOWS\msspi.dll
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\inetinf.exe
    C:\WINDOWS\iedll.exe
    C:\WINDOWS\helpcvs.exe
    C:\WINDOWS\gfmnaaa.dll
    C:\WINDOWS\funny.exe
    C:\WINDOWS\funniest.exe
    C:\WINDOWS\explorer32.exe
    C:\WINDOWS\editpad.exe
    C:\WINDOWS\dnsrelay.dll
    C:\WINDOWS\directx32.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\ctfmon32.exe[/color]


    ======================================================
  • Return to OTMoveIt2, right-click on the "Paste List of Files/Folders to be Moved" window  and choose "Paste".
  • Click the red "[color="red"]MoveIt![/color]" button.
  • Close OTMoveIt when it has completed.
[color="red"]Note[/color]:  If an entry cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

OTMoveIt would have created a log at this location
C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log <-indicates date_time of log

Post that log from OTMoveit
And once again, double click on dss.exe, post the New log that opens

Also, keep me informed how things are running

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

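The paths in the list above are exactly the files the DSS "Files created" report shows landing in C:\WINDOWS within a single minute on 2008-05-30 at 22:01, several of them named after real Windows binaries with a digit suffix (ctfmon32.exe, explorer32.exe, rundll16.exe). As an added example, not part of the thread, of DSS or of OTMoveIt, the Python below parses lines in the DSS report format, groups files by directory and creation minute to surface such drop bursts, and flags look-alike names. The sample lines are a constructed subset copied from the report in this thread; the burst threshold and the list of system names are assumptions.

```python
"""Find file-drop bursts in a Deckard's System Scanner "Files created" list.

Added example for this thread; it is not part of DSS, OTMoveIt or the
forum post. SAMPLE_REPORT is a constructed subset of the report lines
posted in the thread (the 2008-05-30 22:01 drop plus benign entries).
"""
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname, splitext
from typing import Dict, List, NamedTuple

SAMPLE_REPORT = r"""
2008-06-02 19:19:27     68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:26     49152 --a------ C:\WINDOWS\VFind.exe
2008-05-31 10:54:25         0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-30 22:01:53         0 d-------- C:\WINDOWS\system32\vntiho18
2008-05-30 22:01:17     15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-30 22:01:17     28160 --a------ C:\WINDOWS\sistem.exe
2008-05-30 22:01:16     23040 --a------ C:\WINDOWS\rundll16.exe
2008-05-30 22:01:16     10496 --a------ C:\WINDOWS\qttasks.exe
2008-05-30 22:01:14     18944 --a------ C:\WINDOWS\msspi.dll
2008-05-30 22:01:13     28928 --a------ C:\WINDOWS\iedll.exe
2008-05-30 22:01:12     11776 --a------ C:\WINDOWS\funny.exe
2008-05-30 22:01:12     27904 --a------ C:\WINDOWS\explorer32.exe
2008-05-30 22:01:11     14848 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-30 22:01:11     28672 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-30 21:45:39         0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-24 08:43:36   4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
"""

# date time, size, nine-character attribute field, path, optional "<...>" version trailer
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<[^>]*>)?$"
)

# Assumed list of Windows binaries whose names malware commonly imitates.
SYSTEM_STEMS = {"ctfmon", "explorer", "rundll32", "lsass", "svchost", "winlogon", "services", "smss"}


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # DSS marks directories with a leading "d" in the attribute field
        return self.attrs.startswith("d")


def parse_report(text: str) -> List[Entry]:
    """Parse DSS 'Files created' / 'Find3M' lines; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append(Entry(ts, int(m.group(2)), m.group(3), m.group(4)))
    return entries


def find_bursts(entries: List[Entry], min_files: int = 5) -> Dict[tuple, List[str]]:
    """Group files by (directory, creation minute); return groups of at least min_files.

    min_files is an assumed threshold. Legitimate installs form bursts too (the
    DSS tool drop on 2008-06-02 in the full report would cross this threshold),
    so every hit must be correlated with what was knowingly installed at that time.
    """
    groups = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            key = (dirname(e.path).lower(), e.ts.strftime("%Y-%m-%d %H:%M"))
            groups[key].append(e.path)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_files}


def lookalikes(entries: List[Entry]) -> List[str]:
    """Flag file names that equal a known system stem once digits are stripped."""
    bare = {re.sub(r"\d+$", "", s) for s in SYSTEM_STEMS}
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        stem = splitext(basename(e.path))[0].lower()
        if stem not in SYSTEM_STEMS and re.sub(r"\d+$", "", stem) in bare:
            hits.append(e.path)
    return sorted(hits)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for (folder, minute), paths in find_bursts(found).items():
        print(f"burst: {len(paths)} files in {folder} at {minute}")
        for p in paths:
            print("   ", p)
    print("look-alike names:", lookalikes(found))
```

On the sample, the only burst is the ten files in c:\windows at 2008-05-30 22:01, and the look-alike check returns ctfmon32.exe, explorer32.exe and rundll16.exe; the directory created at 22:01:53 under system32 is not counted but belongs to the same drop, which is why the removal list above includes it.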

Offline weasel096

  • Jr. Member
  • Posts: 99
  • Karma: +0/-0
I got a trojan
« Reply #16 on: June 05, 2008, 04:09:21 PM »
Computer is getting much better.  My clock is on military time.  

Here are the logs.

C:\WINDOWS\system32\vntiho18 moved successfully.
C:\WINDOWS\svcinit.exe moved successfully.
C:\WINDOWS\sistem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\searchword.dll
C:\WINDOWS\searchword.dll NOT unregistered.
C:\WINDOWS\searchword.dll moved successfully.
C:\WINDOWS\rundll16.exe moved successfully.
C:\WINDOWS\quicken.exe moved successfully.
C:\WINDOWS\qttasks.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mswsc20.dll NOT unregistered.
C:\WINDOWS\mswsc20.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc10.dll NOT unregistered.
C:\WINDOWS\mswsc10.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msspi.dll
C:\WINDOWS\msspi.dll NOT unregistered.
C:\WINDOWS\msspi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\msconfd.dll
C:\WINDOWS\msconfd.dll NOT unregistered.
C:\WINDOWS\msconfd.dll moved successfully.
C:\WINDOWS\inetinf.exe moved successfully.
C:\WINDOWS\iedll.exe moved successfully.
C:\WINDOWS\helpcvs.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\gfmnaaa.dll NOT unregistered.
C:\WINDOWS\gfmnaaa.dll moved successfully.
C:\WINDOWS\funny.exe moved successfully.
C:\WINDOWS\funniest.exe moved successfully.
C:\WINDOWS\explorer32.exe moved successfully.
C:\WINDOWS\editpad.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\dnsrelay.dll NOT unregistered.
C:\WINDOWS\dnsrelay.dll moved successfully.
C:\WINDOWS\directx32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctrlpan.dll NOT unregistered.
C:\WINDOWS\ctrlpan.dll moved successfully.
C:\WINDOWS\ctfmon32.exe moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_161001



Deckard's System Scanner v20071014.68
Run by Ours on 2008-06-05 16:12:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ours.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:34, on 6/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ours\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [LvHidSvc] C:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: TVR Schedule.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11059 bytes

-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-04 22:15:43         0 d--h----- C:\WINDOWS\PIF
2008-06-04 20:38:49      3010 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 22:11:47         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-03 16:15:36         0 d-------- C:\Documents and Settings\Ours\Application Data\Malwarebytes
2008-06-03 16:14:53         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-03 16:14:48         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 19:19:27     68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 19:19:27    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 19:19:27     80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 19:19:26     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 19:19:26     98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 19:19:26     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-02 19:19:25    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 19:19:25    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-31 10:54:25         0 d-------- C:\Program Files\Norton AntiVirus
2008-05-31 10:37:24 2147483647 --ahs---- C:\gobackio.bin
2008-05-31 10:36:40         0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-31 10:19:47         0 d-------- C:\Program Files\Norton SystemWorks
2008-05-31 09:59:45         0 d-------- C:\Program Files\Symantec
2008-05-31 09:57:11         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-31 09:48:55         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 09:12:39         0 --a------ C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-05-31 09:00:11         0 d-------- C:\Program Files\CheckIt
2008-05-30 21:45:39         0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-30 21:45:23         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-30 21:44:01         0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-30 21:43:57         0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 12:20:39         0 d-------- C:\Program Files\Apple Software Update
2008-05-30 12:20:31         0 d-------- C:\Program Files\QuickTime
2008-05-30 12:20:15         0 d-------- C:\Program Files\iPod
2008-05-30 12:20:12         0 d-------- C:\Program Files\iTunes
2008-05-30 03:34:03         0 d-------- C:\Program Files\iPod(2)
2008-05-30 03:33:54         0 d-------- C:\Program Files\iTunes(2)
2008-05-30 03:12:20         0 d-------- C:\Program Files\Apple Software Update(2)
2008-05-24 08:43:36   4194304 --a------ C:\Documents and Settings\Ours\ntuser.dat
2008-05-22 20:04:08         0 d-------- C:\WINDOWS\Prefetch
2008-05-22 19:52:16         0 d-------- C:\WINDOWS\system32\scripting
2008-05-22 19:52:15         0 d-------- C:\WINDOWS\l2schemas
2008-05-22 19:52:14         0 d-------- C:\WINDOWS\system32\en
2008-05-22 19:52:13         0 d-------- C:\WINDOWS\system32\bits
2008-05-22 19:48:06         0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-22 19:39:00         0 d-------- C:\WINDOWS\EHome
2008-05-13 21:13:15         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Google
2008-05-13 18:25:40         0 d-------- C:\Documents and Settings\Kids.DENSTEDTS\Application Data\Apple Computer
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\Ours\Application Data\PlayFirst
2008-05-11 21:47:35         0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-11 21:45:49         0 d-------- C:\Documents and Settings\Ours\Application Data\GameHouse
2008-05-11 21:45:46         0 d-------- C:\Program Files\GameHouse
2008-05-06 16:18:48         0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-04 18:37:48         0 d-------- C:\Program Files\Trend Micro
2008-06-04 16:28:25         0 d-------- C:\Program Files\Java
2008-05-31 10:13:21         0 d-------- C:\Program Files\Common Files
2008-05-31 09:22:47         0 d-------- C:\Program Files\SpywareBlaster
2008-05-30 22:16:39         0 d-------- C:\Documents and Settings\Ours\Application Data\Lavasoft
2008-05-22 19:52:49         0 d-------- C:\Program Files\Messenger
2008-05-22 19:52:13         0 d-------- C:\Program Files\Movie Maker
2008-05-22 19:47:46         0 d-------- C:\Program Files\Windows NT
2008-05-22 17:08:33         0 d-------- C:\Documents and Settings\Ours\Application Data\GARMIN
2008-05-19 20:35:25         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-06 16:18:26         0 d-------- C:\Program Files\Common Files\Adobe
2008-05-06 16:17:14         0 d-------- C:\Documents and Settings\Ours\Application Data\AdobeUM
2008-05-04 07:16:38         0 d-------- C:\Program Files\Windows Live
2008-05-02 08:34:42         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-02 08:33:08         0 d-------- C:\Program Files\Windows Live Toolbar
2008-05-02 08:30:32         0 d-------- C:\Program Files\Windows Live Favorites
2008-05-01 18:13:53         0 d-------- C:\Documents and Settings\Ours\Application Data\Apple Computer
2008-04-28 19:28:35         0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-04-26 09:42:50         0 d-------- C:\Program Files\Oberon Media
2008-04-19 13:06:23         0 d-------- C:\Program Files\Microsoft Works
2008-04-16 17:26:24         0 d-------- C:\Documents and Settings\Ours\Application Data\PC Suite
2008-04-16 17:26:16         0 d-------- C:\Documents and Settings\Ours\Application Data\Nokia
2008-04-16 17:26:16      1110 --a------ C:\Documents and Settings\Ours\Application Data\NMM-MetaData.db
2008-04-14 19:36:56         0 d-------- C:\Documents and Settings\Ours\Application Data\Yahoo!
2008-04-13 17:10:38         0 d-------- C:\Program Files\LimeWire
2008-04-13 17:05:25         0 d-------- C:\Program Files\Incomplete
2008-04-13 16:56:07         0 d-------- C:\Documents and Settings\Ours\Application Data\SAMSUNG
2008-04-12 08:44:52         0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-11 22:34:13         0 d-------- C:\Program Files\Samsung
2008-04-11 08:50:25         0 d-------- C:\Documents and Settings\Ours\Application Data\FUJIFILM
2008-04-05 15:14:31         0 d-------- C:\Documents and Settings\Ours\Application Data\Talkback
2008-04-05 15:13:57         0 --a----c- C:\WINDOWS\nsreg.dat
2008-04-05 15:13:54         0 d-------- C:\Documents and Settings\Ours\Application Data\Mozilla
2008-04-04 08:22:17    774144 --a------ C:\Program Files\RngInterstitial.dll <Not Verified; RealNetworks, Inc.; RealNetworks, Inc. RngInterstitial>
2008-03-31 19:51:24     96577 --a----c- C:\WINDOWS\hpqins16.dat
2008-03-31 19:48:18      2064 --a----c- C:\Documents and Settings\Ours\Application Data\HPSU_48BitScanUpdate.log
2008-03-31 19:37:07       345 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2008-03-31 19:37:05         0 --a----c- C:\Documents and Settings\Ours\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2008-03-31 19:36:18      2799 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_InstantShareJPG.log
2008-03-31 19:35:48      3596 --a----c- C:\Documents and Settings\Ours\Application Data\PatchUpdate_IZClosingDiscError.log
2008-03-31 19:34:32    137866 --a----c- C:\Documents and Settings\Ours\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-03-31 19:34:17    139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2008-03-31 19:32:01    112384 --a------ C:\WINDOWS\hpoins07.dat
2008-03-31 19:00:16     28672 --a------ C:\WINDOWS\system32\qttask.exe
2008-03-31 18:59:02         0 -rahs---- C:\MSDOS.SYS
2008-03-31 18:59:02         0 -rahs---- C:\IO.SYS
2008-03-31 18:59:02         0 --a------ C:\CONFIG.SYS
2008-03-31 18:59:02         0 --a------ C:\AUTOEXEC.BAT
2008-03-31 18:56:23     21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 12:43:07        62 --ahs---- C:\Documents and Settings\Ours\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/23/2005 11:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/23/2005 11:31]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 23:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 17:24]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 17:34]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 21:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 00:13]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 13:20]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [03/09/2005 19:10]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 19:12]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 17:43]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=C:\WINDOWS\system32\lvhidsvc.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Ours\Start Menu\Programs\Startup\
TVR Schedule.lnk - C:\Documents and Settings\Ours\Application Data\Microsoft\Installer\{E4C3B10E-E277-4458-8440-DAE332D50BF3}\_4ae13d6c.exe [3/31/2008 7:11:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [1/9/2002 10:53:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 1:49:24 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [9/4/1999 5:23:00 PM]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-06-05 16:15:13 ------------

Offline guestolo
I got a trojan
« Reply #17 on: June 06, 2008, 09:00:32 AM »
Can you do the following
Ensure that dss.exe is on your desktop
Go to START>>RUN>>Copy and paste the next command in bold


"%userprofile%\desktop\dss.exe" /daft


Then press Enter

* Click on the Scan button.
* Select everything it is displaying there
* Click the Fix button.
* Then rescan with DAFT again - it should say now that "All associations are OK"
* Close DAFT if you receive that message. This means that it is fixed now.

Can you do the following for me, although it is legit.
Can you open Task Manager and let me know what CPU usage is like?
I'm curious about the following entry:
lvhidsvc.exe
Does it use much CPU?

Just checking, it appears to be related to the Lifeview HID Remote Controller.
Some users reported high usage with it, others have no problems.
How is it on your end?

Don't worry about the military time right now, we'll fix that in a bit
« Last Edit: June 06, 2008, 09:01:59 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline weasel096
I got a trojan
« Reply #18 on: June 06, 2008, 04:15:35 PM »
Did the scan you wanted done.

As for "lvhidsvc.exe": from the time the Puter was started till you asked me to check it, it has been 25 min and there is no CPU used at all in that time frame.

The only prob that I am having is my screen looks smudged. It's like everything slid over and left smeared tracks.

Offline guestolo
I got a trojan
« Reply #19 on: June 06, 2008, 05:14:00 PM »
It could be that your display drivers got corrupted.
Have you checked your display properties to ensure everything looks ok?

Can you do the following also
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
        Reg - BotCheck
        Reg - Software Policy Settings
  • Copy/Paste the text in the codebox below into the Custom Scans box:
Code:
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\Desktop
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it.


Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).
« Last Edit: June 06, 2008, 05:25:14 PM by guestolo »