Blue screen!!!!!!!!!

[weasel096]

Had a blue screen come on telling me that there was a problem and it was needing to restart. Been having slow puter lately.

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:46 PM, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11282 bytes

[guestolo]

Can you do the following please
Let's see if anything shows up
 
Download [color=\"#008000\"]Deckard's System Scanner (dss.exe)[/color] to your desktop.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

[color=\"#FF0000\"]"%userprofile%\desktop\dss.exe" /config[/color]

When the DSS Configuration display opens click the "Check All" button (if the "Uncheck All" button shows, click that, then click "Check All"). Next, Under Main Log, uncheck the following:
System Restore
Temp Cleanup

Then under Options, place a check next to the following:
Backup Registry Hives
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back the Whole contents of Main.txt and Extra.txt

[weasel096]

Deckard's System Scanner v20071014.68
Run by Ours on 2008-08-11 19:16:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.



-- HijackThis (run as Ours.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:35 PM, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Ours\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ours.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11630 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080602-181830-217 O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
backup-20080602-181830-280 O4 - HKLM\..\Run: [5cd0bccf] rundll32.exe "C:\WINDOWS\system32\udchydlh.dll",b
backup-20080602-181830-455 O4 - HKLM\..\Run: [{d10b2c7f-33f7-1d43-8f75-a6b3402f9956}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6f9e1a15-0180-d974-96f8-28400f250b1a}.dll" DllStart
backup-20080602-181830-484 O4 - HKCU\..\Run: [SpyShredder] C:\Program Files\SpyShredder\SpyShredder.exe
backup-20080602-181830-683 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
backup-20080602-181830-832 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
backup-20080602-181830-863 O4 - HKLM\..\Run: [BM5fe38f53] Rundll32.exe "C:\WINDOWS\system32\qaobcsdf.dll",s
backup-20080602-181836-606 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
backup-20080602-203102-771 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\vbpdtvdp.exe,
backup-20080602-203103-117 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080602-203103-151 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080602-203103-261 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080602-203103-292 O2 - BHO: (no name) - {889FFD77-6071-4E87-B9C9-6C2289F74D02} - C:\WINDOWS\system32\cbXRIyxU.dll
backup-20080602-203103-303 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080602-203103-309 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080602-203103-316 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080602-203103-319 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080602-203103-398 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080602-203103-411 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080602-203103-496 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080602-203103-507 O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
backup-20080602-203103-509 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080602-203103-516 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080602-203103-517 O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
backup-20080602-203103-528 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
backup-20080602-203103-564 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080602-203103-602 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080602-203103-664 O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
backup-20080602-203103-713 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080602-203103-734 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080602-203103-755 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080602-203103-782 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080602-203103-795 O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
backup-20080602-203103-847 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080602-203103-871 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080602-203103-913 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080602-203103-957 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080603-214041-111 O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
backup-20080603-214041-129 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
backup-20080603-214041-130 O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
backup-20080603-214041-188 O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
backup-20080603-214041-225 O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
backup-20080603-214041-247 O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
backup-20080603-214041-269 O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
backup-20080603-214041-364 O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
backup-20080603-214041-390 O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
backup-20080603-214041-414 O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
backup-20080603-214041-511 O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
backup-20080603-214041-523 O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
backup-20080603-214041-534 O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
backup-20080603-214041-543 O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
backup-20080603-214041-545 O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
backup-20080603-214041-551 O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
backup-20080603-214041-613 O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
backup-20080603-214041-771 O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
backup-20080603-214041-791 O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
backup-20080603-214041-806 O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
backup-20080603-214041-862 O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
backup-20080603-214041-931 O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
backup-20080603-214041-935 O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)

-- File Associations -----------------------------------------------------------

[color=\"red\"].reg - regfile - shell\open\command - regedit.exe "%1" %*[/color]
[color=\"red\"].scr - scrfile - shell\open\command - "%1" %*[/color]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\windows\system32\drivers\gbdevice.sys <Not Verified; Symantec Corporation; Norton GoBack>
R0 GoBack2K - c:\windows\system32\drivers\goback2k.sys <Not Verified; Symantec Corporation; Norton GoBack>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 LVCap138 (TV Card WDM Video Capture) - c:\windows\system32\drivers\lvcap138.sys <Not Verified; Animation Technologies Inc.; Lifeview ® LR138 TV Card>
R3 lvtuner (TV Card TV Tuner) - c:\windows\system32\drivers\lvtuner.sys <Not Verified; Animation Technologies Inc.; Lifeview ® TV Card>

S2 GBFSHook - c:\windows\system32\drivers\gbfshook.sys <Not Verified; Symantec Corporation; Norton GoBack>
S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>
S3 USBVSP - c:\windows\system32\drivers\usbvsp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CbEvtSvc - c:\windows\system32\cbevtsvc.exe -k netsvcs
R2 Speed Disk service - c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola SM56 Speakerphone Modem
Device ID: ROOT\MODEM\0001
Manufacturer: Motorola Inc
Name: Motorola SM56 Speakerphone Modem
PNP Device ID: ROOT\MODEM\0001
Service: Modem

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6103
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6103
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Process Modules -------------------------------------------------------------

All modules okay.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-11 18:59:00       252 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-08-11 12:00:10       290 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2008-08-09 19:53:00       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-08 22:08:47       528 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 18:12:44         0 d-------- C:\Documents and Settings\Ours\.housecall6.6
2008-08-11 17:03:05         0 d-------- C:\Documents and Settings\Ours\Application Data\rhc77vj0e1de
2008-08-11 16:41:38     94208 --a------ C:\WINDOWS\system32\pphc37vj0e1de.exe
2008-08-11 16:41:38         0 d-------- C:\Documents and Settings\LocalService\Application Data\rhc77vj0e1de
2008-08-11 16:41:30         0 d-------- C:\Program Files\rhc77vj0e1de
2008-08-11 16:20:26    109762 --a------ C:\WINDOWS\system32\drivers\d5912742.sys
2008-08-11 16:20:21     34816 --a------ C:\Documents and Settings\LocalService\Application Data\521632863.exe
2008-08-11 16:19:54     60928 --a------ C:\WINDOWS\system32\blphc37vj0e1de.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-11 16:19:43    130048 --a------ C:\WINDOWS\system32\lphc37vj0e1de.exe
2008-08-11 16:17:38     74752 --a------ C:\WINDOWS\system32\CbEvtSvc.exe
2008-08-10 11:01:30         0 d-------- C:\Program Files\LiveUpdate
2008-08-10 10:59:32         0 d-------- C:\Program Files\mobile PhoneTools
2008-08-03 09:23:37         0 d-------- C:\Documents and Settings\Ours\Application Data\ieSpell
2008-07-31 20:27:15         0 d-------- C:\WINDOWS\Motorola
2008-07-25 19:18:14     40960 --a------ C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr <Not Verified; Ulead Systems, Inc.; Ulead Photo Express>
2008-07-25 19:18:13    114688 -----n--- C:\WINDOWS\system32\UPSCR.Scr
2008-07-25 18:44:46         0 d-------- C:\Documents and Settings\Ours\Application Data\Help
2008-07-25 18:40:11         0 d-------- C:\Program Files\ffvfw
2008-07-25 16:12:21         0 d-------- C:\Program Files\Windows Media Components
2008-07-25 16:11:55         0 d-------- C:\Program Files\Ulead Systems
2008-07-25 16:11:55         0 d-------- C:\Program Files\Common Files\Ulead Systems
2008-07-25 16:11:55         0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-25 16:10:38    139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-25 16:10:38    524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-25 16:09:47         0 d-------- C:\WINDOWS\Options
2008-07-25 16:09:47         0 d-------- C:\Program Files\Digital Video
2008-07-19 16:28:50   1933312 --a------ C:\WINDOWS\system32\Tropix.scr
2008-07-18 13:34:32    586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
2008-07-13 13:02:01         0 d-------- C:\Program Files\ieSpell
2008-07-12 09:33:55         0 d--hs---- C:\WINDOWS\ftpcache


-- Find3M Report ---------------------------------------------------------------

2008-08-11 17:35:43         0 d-------- C:\Program Files\Common Files
2008-08-10 11:01:30         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 21:40:20         0 d-------- C:\Program Files\Oberon Media
2008-07-19 16:28:51         0 d-------- C:\Program Files\GameHouse
2008-07-15 18:44:51         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-03 16:06:51         0 d-------- C:\Program Files\Norton SystemWorks
2008-06-30 17:25:22         0 d-------- C:\Documents and Settings\Ours\Application Data\Adobe
2008-06-30 17:25:19         0 d-------- C:\Documents and Settings\Ours\Application Data\Macromedia
2008-06-30 17:24:09         0 d-------- C:\Program Files\Google
2008-06-16 19:41:28         0 d-------- C:\Program Files\Coupons
2008-05-31 10:45:51 2147483647 --ahs---- C:\gobackio.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 04:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 04:44 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 05:24 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 09:06 AM C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/28/2006 01:38 AM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [09/05/2006 09:22 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [12/03/2007 01:41 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [7/19/2006 11:45:12 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ours^Start Menu^Programs^Startup^TVR Schedule.lnk]
path=C:\Documents and Settings\Ours\Start Menu\Programs\Startup\TVR Schedule.lnk
backup=C:\WINDOWS\pss\TVR Schedule.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc37vj0e1de]
C:\WINDOWS\system32\lphc37vj0e1de.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smrhc77vj0e1de]
C:\Program Files\rhc77vj0e1de\rhc77vj0e1de.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ulead photo express calendar checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs   eaphost
dot3svc   dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-08-11 19:19:07 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.93GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 759.48 MiB / 291.29 MiB
Pagefile Memory (total/avail): 1860.28 MiB / 1476.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1884.77 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 18.58 GiB free.
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ours\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENSTEDTS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ours
LOGONSERVER=\\DENSTEDTS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ours\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ours\LOCALS~1\Temp
USERDOMAIN=DENSTEDTS
USERNAME=Ours
USERPROFILE=C:\Documents and Settings\Ours
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ours (admin)
Kids.DENSTEDTS


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced System Optimizer 2 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
Agere Systems PCI Soft Modem --> agrsmdel
AntivirXP08 --> "C:\Program Files\rhc77vj0e1de\uninstall.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Digital Video --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A71E27C-07D2-4CB8-ACA9-165242416758}\Setup.exe" -l0x9
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
ffvfw (uninstall only) --> "C:\Program Files\ffvfw\uninstall.exe"
FinePixViewer Ver.3.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Garmin MapSource --> MsiExec.exe /X{4ACBBFC6-3F39-48DE-8D85-182736B2749B}
Garmin Training Center 3.3.2 --> MsiExec.exe /X{7834FE69-824C-4644-8107-899201C074C8}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9  -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
ieSpell --> "C:\Program Files\ieSpell\uninst.exe"
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(tm) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire PRO 4.9.23 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate BVRP Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
mobile PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9  -uninst
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_5_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Cleanup --> MsiExec.exe /I{CA31120D-2101-484D-9FF1-195DE96FE346}
Norton GoBack 4.2 --> MsiExec.exe /I{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton SystemWorks --> MsiExec.exe /I{71E7B3F5-CFAF-4C1E-B494-528E28707937}
Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe" /X
Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Ulead Photo Express 5 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\Setup.exe" -l0x9
Ulead VideoStudio 8.0 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\Setup.exe" -l0x9
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XVID Codec Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534C6D59-D6E3-48A6-AD0B-747799019960}\Setup.exe" -l0x9
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type3314 / Warning
Event Submitted/Written: 08/10/2008 11:18:31 AM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Event Record #/Type3212 / Error
Event Submitted/Written: 08/08/2008 06:44:07 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Record #/Type3170 / Error
Event Submitted/Written: 08/07/2008 07:25:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16674, faulting module unknown, version 0.0.0.0, fault address 0x033e6377.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2957 / Error
Event Submitted/Written: 07/31/2008 09:31:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mmcenter.exe, version 1.0.0.1, faulting module videoeditor.dll, version 1.1.0.0, fault address 0x000435f3.
Processing media-specific event for [mmcenter.exe!ws!]

Event Record #/Type2886 / Error
Event Submitted/Written: 07/29/2008 04:02:04 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9078 / Error
Event Submitted/Written: 08/11/2008 05:57:11 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type9077 / Error
Event Submitted/Written: 08/11/2008 05:57:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type9076 / Error
Event Submitted/Written: 08/11/2008 05:55:56 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SRTSPX
StarOpen
SYMTDI
Tcpip

Event Record #/Type9075 / Error
Event Submitted/Written: 08/11/2008 05:55:56 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type9074 / Error
Event Submitted/Written: 08/11/2008 05:55:56 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-08-11 19:19:07 ------------

[guestolo]

Can you temporarily Disable Norton's Auto Protect

Then Please run a free online scan with the [color=\"blue\"]ESET Online Scanner[/color][/url]
Note: You will need to use Internet Explorer for this scan[/i].[list=1]

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan
  Wait for the scan to finish
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

[weasel096]

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3347 (20080811)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=423ae180988e93479bb7bce349147adf
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-12 01:51:40
# local_time=2008-08-11 08:51:40 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=309118
# found=8
# scan_time=4082
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HWYA7WAN\install[1].exe   Win32/Rustock.NFW trojan (unable to clean - deleted)   00000000000000000000000000000000
C:\Documents and Settings\Ours\Application Data\Sun\Java\Deployment\cache\6.0\51\25d09bb3-1451b405   Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean - deleted)   00000000000000000000000000000000
C:\Documents and Settings\Ours\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-23f89acc   Java/TrojanDownloader.OpenStream.NAB trojan (deleted)   00000000000000000000000000000000
C:\Documents and Settings\Ours\Application Data\Sun\Java\Deployment\cache\6.0\57\538bb179-23f89acc »ZIP »OP.class   Java/TrojanDownloader.OpenStream.NAB trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\Program Files\rhc77vj0e1de\rhc77vj0e1de.exe   Win32/Adware.Antivirus2008 application (unable to clean - deleted)   00000000000000000000000000000000
C:\RECYCLER\NPROTECT\00058590.EXE   Win32/Adware.Antivirus2008 application (unable to clean - deleted)   00000000000000000000000000000000
C:\WINDOWS\system32\phc37vj0e1de.bmp   Win32/TrojanDownloader.FakeAlert.DJ trojan (unable to clean - deleted)   00000000000000000000000000000000
C:\WINDOWS\system32\pphc37vj0e1de.exe   Win32/TrojanDownloader.FakeAlert.FK trojan (unable to clean - deleted)   00000000000000000000000000000000

[guestolo]

That cleared a bit

Can you also do the following

If you have an older version of ComboFix, delete it as we will need an updated copy

Download a copy of ComboFix from [color=\"#FF0000\"]> HERE <[/color][/url]
Save it ONLY to your desktop

Double click on ComboFix.exe to run it
Follow the prompts

NOTE:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Normally this fix takes 10 to 30 minutes

When finished, it shall produce a log for you  with the  name C:\ComboFix.txt..
If the system is rebooted, the log will be produced after a few minutes after rebooting


Post the ComboFix log
Afterwards:

You still have  Malwarebytes' Anti-Malware installed
Can you run the program

When the main windows opens, click on the UPDATE tab
Then click the Check for Updates button

• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
     
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
     
  
• Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
     
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Note: You can either edit your reply to include the log, or Add a new reply to include this report

[weasel096]

ComboFix 08-08-12.01 - Ours 2008-08-12 18:09:03.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.374 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
 * Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Kids.DENSTEDTS\Application Data\macromedia\Flash Player\#SharedObjects\NAFW7BDB\interclick.com
C:\Documents and Settings\Kids.DENSTEDTS\Application Data\macromedia\Flash Player\#SharedObjects\NAFW7BDB\interclick.com\ud.sol
C:\Documents and Settings\Kids.DENSTEDTS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Kids.DENSTEDTS\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\521632863.exe
C:\Documents and Settings\LocalService\Application Data\633968421.exe
C:\Documents and Settings\LocalService\Application Data\rhc77vj0e1de
C:\Documents and Settings\Ours\Application Data\macromedia\Flash Player\#SharedObjects\2KXERG9R\interclick.com
C:\Documents and Settings\Ours\Application Data\macromedia\Flash Player\#SharedObjects\2KXERG9R\interclick.com\ud.sol
C:\Documents and Settings\Ours\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Ours\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Ours\Application Data\rhc77vj0e1de
C:\Program Files\Internet Explorer\setupapi.dll
C:\Program Files\rhc77vj0e1de
C:\WINDOWS\BM5fe38f53.txt
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\system32\blphc37vj0e1de.scr
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\lphc37vj0e1de.exe
C:\WINDOWS\system32\phc37vj0e1de.bmp
C:\WINDOWS\system32\pphc37vj0e1de.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CBEVTSVC
-------\Service_CbEvtSvc


(((((((((((((((((((((((((   Files Created from 2008-07-12 to 2008-08-12  )))))))))))))))))))))))))))))))
.

2008-08-11 19:39 . 2008-08-11 20:51   <DIR>   d--------   C:\Program Files\EsetOnlineScanner
2008-08-11 19:14 . 2008-08-11 19:14   <DIR>   d--------   C:\Deckard
2008-08-11 18:13 . 2008-08-11 18:13   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-11 18:12 . 2008-08-11 18:29   <DIR>   d--------   C:\Documents and Settings\Ours\.housecall6.6
2008-08-11 16:20 . 2008-08-12 18:18   109,762   --a------   C:\WINDOWS\system32\drivers\d5912742.sys
2008-08-10 11:01 . 2008-08-10 11:01   <DIR>   d--------   C:\Program Files\LiveUpdate
2008-08-10 10:59 . 2008-08-10 11:01   <DIR>   d--------   C:\Program Files\mobile PhoneTools
2008-08-03 09:23 . 2008-08-03 09:23   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\ieSpell
2008-07-31 20:27 . 2008-07-31 20:27   <DIR>   d--------   C:\WINDOWS\Motorola
2008-07-31 20:27 . 2001-08-17 13:57   16,128   --a------   C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-07-31 20:27 . 2001-08-17 13:57   16,128   --a--c---   C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-07-25 19:18 . 2003-09-11 10:49   114,688   ---------   C:\WINDOWS\system32\UPSCR.Scr
2008-07-25 19:18 . 2004-03-18 15:56   40,960   --a------   C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-07-25 18:40 . 2008-07-25 18:40   <DIR>   d--------   C:\Program Files\ffvfw
2008-07-25 16:12 . 2008-07-25 16:12   <DIR>   d--------   C:\Program Files\Windows Media Components
2008-07-25 16:11 . 2008-07-25 19:14   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-07-25 16:11 . 2008-07-25 16:12   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-07-25 16:11 . 2008-07-25 19:18   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-25 16:10 . 2004-07-12 04:25   524,288   --a------   C:\WINDOWS\system32\xvidcore.dll
2008-07-25 16:10 . 2004-07-12 22:47   139,264   --a------   C:\WINDOWS\system32\xvidvfw.dll
2008-07-25 16:10 . 2004-07-12 22:44   53,248   --a------   C:\WINDOWS\system32\xvid.ax
2008-07-25 16:09 . 2008-07-25 16:09   <DIR>   d--------   C:\WINDOWS\Options
2008-07-25 16:09 . 2008-07-25 16:09   <DIR>   d--------   C:\Program Files\Digital Video
2008-07-19 16:28 . 2006-05-05 23:31   1,933,312   --a------   C:\WINDOWS\system32\Tropix.scr
2008-07-18 13:34 . 2008-07-18 13:34   586,240   --a------   C:\WINDOWS\WLXPGSS.SCR
2008-07-13 13:02 . 2008-07-13 13:02   <DIR>   d--------   C:\Program Files\ieSpell
2008-07-12 09:33 . 2008-07-12 09:33   <DIR>   d--hs----   C:\WINDOWS\ftpcache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 16:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-10 16:01   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-04 21:04   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-30 22:42   23,888   ----a-w   C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 22:28   706   ----a-w   C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 22:28   10,537   ----a-w   C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-30 02:40   ---------   d-----w   C:\Program Files\Oberon Media
2008-07-30 02:39   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 21:28   ---------   d-----w   C:\Program Files\GameHouse
2008-07-15 23:44   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-07-03 21:06   ---------   d-----w   C:\Program Files\Norton SystemWorks
2008-06-30 22:24   ---------   d-----w   C:\Program Files\Google
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 00:41   ---------   d-----w   C:\Program Files\Coupons
2008-06-13 11:05   272,128   ----a-w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 15:45   8,002,338,816   --sha-w   C:\gobackio.bin
2008-05-31 14:12   0   ----a-w   C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 14:12   0   ----a-w   C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-04-04 13:22   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [2007-12-03 01:41 25472]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll
"msacm.mpegacm "= mpegacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ours^Start Menu^Programs^Startup^TVR Schedule.lnk]
path=C:\Documents and Settings\Ours\Start Menu\Programs\Startup\TVR Schedule.lnk
backup=C:\WINDOWS\pss\TVR Schedule.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-03-09 19:10 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-23 16:33 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ulead photo express calendar checker]
--a------ 2004-01-12 20:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-08-09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job
- C:\PROGRA~1\NORTON~2\Navw32.exe [2006-09-07 01:38]

2008-08-11 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2007-12-03 01:41]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphc37vj0e1de - C:\WINDOWS\system32\lphc37vj0e1de.exe
HKLM-Run-SMrhc77vj0e1de - C:\Program Files\rhc77vj0e1de\rhc77vj0e1de.exe
MSConfigStartUp-lphc37vj0e1de - C:\WINDOWS\system32\lphc37vj0e1de.exe
MSConfigStartUp-PCSuiteTrayApplication - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
MSConfigStartUp-smrhc77vj0e1de - C:\Program Files\rhc77vj0e1de\rhc77vj0e1de.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ours\Application Data\Mozilla\Firefox\Profiles\cxuduomu.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 18:17:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d5912742]
"ImagePath"="\SystemRoot\System32\drivers\d5912742.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-08-12 18:27:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-12 23:27:54

Pre-Run: 19,799,511,040 bytes free
Post-Run: 20,186,079,232 bytes free

259   --- E O F ---   2008-08-08 23:53:07

[weasel096]

Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 3

6:41:11 PM 8/12/2008
mbam-log-8-12-2008 (18-41-11).txt

Scan type: Quick Scan
Objects scanned: 44120
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc77vj0e1de (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc77vj0e1de (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\d5912742.sys (Trojan.Rustock) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

[guestolo]

Can you post a fresh hijackthis log please and let me know now how everythings running

[weasel096]

When i fired up my puter today and yesterday i got some email alerts poping up saying the email couldnot be sent.  These were symantec alerts.

Also, for the last month or so when i start it up, svchost.exe takes 100% cpu for 4-5min.  If i end task through task manager I have no sound.

Symantec keeps poping up in the lower right corner while I am typing this that says "A recent attempt to attack your computer was blocked."

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:28 PM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12016 bytes

[guestolo]

When i fired up my puter today and yesterday i got some email alerts poping up saying the email couldnot be sent. These were symantec alerts.

What email client are you using?
Eg.. Outlook Express, have you gone thru Outlook and ensured the Sent folder is emptied

Also, for the last month or so when i start it up, svchost.exe takes 100% cpu for 4-5min. If i end task through task manager I have no sound.

I have a feeling this may be due to an entry in your log
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Slyware file used surreptitiously monitor one's actions. It is not a sinister one like remote control programs but it is being used by Realtek to gather data about customers

We'll deal with that entry in a bit

Symantec keeps poping up in the lower right corner while I am typing this that says "A recent attempt to attack your computer was blocked."

This appears more informative
Read this thread and see if it's identical
http://www.tek-tips.com/viewthread.cfm?qid...3309&page=2

Can you next do the following, I want to ensure a service and file are gone
Delete your copy of ComboFix on desktop,
then redownload a fresh copy from [color=\"#FF0000\"]> HERE <[/color][/url]
Save it ONLY to your desktop

NEXT:
==Open notepad
Click START>>RUN>>type in notepad
Hit OK
Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color=\"#0000FF\"]
KillAll::
Driver::
d5912742
File::
C:\WINDOWS\system32\drivers\d5912742.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d5912742]
[/color]
Save this as txtfile on your desktop
CFScript
We'll need it in a bit

With your browser windows closed
Access your Add and Remove Programs and Remove
Javaâ„¢ 6 Update 5
we'll update this in a bit

Temporarily Disable your AntiVirus software so as it won't interfere with the next step
Then

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you  with the same name C:\ComboFix.txt..

I'll need to see that log
But first
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
[color=\"blue\"]Updating Java:[/color]

• Download the latest version of  Java Runtime Environment (JRE) 6.
  
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select Windows, >>Check the "agree" box and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Then from your desktop double-click on jre-6u7-windows-i586-p.exe that you downloaded to install the newest version.
  

Post back the log from ComboFix afterwards
Also run a fresh scan save logfile with Hijackthis and post it's log too

[weasel096]

I have outlook but never use it.


http://www.tek-tips.com/viewthread.cfm?qid...3309&page=2
yes this is what its doing.



ComboFix 08-08-13.02 - Ours 2008-08-14 16:09:53.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.425 [GMT -5:00]
Running from: C:\Documents and Settings\Ours\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ours\Desktop\CFScript.txt
 * Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\system32\drivers\d5912742.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\d5912742.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_d5912742


(((((((((((((((((((((((((   Files Created from 2008-07-14 to 2008-08-14  )))))))))))))))))))))))))))))))
.

2008-08-13 21:26 . 2008-08-13 21:28   <DIR>   d--------   C:\Program Files\Virtual Earth 3D
2008-08-12 18:31 . 2008-07-30 20:07   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 19:39 . 2008-08-11 20:51   <DIR>   d--------   C:\Program Files\EsetOnlineScanner
2008-08-11 19:14 . 2008-08-11 19:14   <DIR>   d--------   C:\Deckard
2008-08-11 18:13 . 2008-08-11 18:13   102,664   --a------   C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-11 18:12 . 2008-08-11 18:29   <DIR>   d--------   C:\Documents and Settings\Ours\.housecall6.6
2008-08-10 11:01 . 2008-08-10 11:01   <DIR>   d--------   C:\Program Files\LiveUpdate
2008-08-10 10:59 . 2008-08-10 11:01   <DIR>   d--------   C:\Program Files\mobile PhoneTools
2008-08-03 09:23 . 2008-08-03 09:23   <DIR>   d--------   C:\Documents and Settings\Ours\Application Data\ieSpell
2008-07-31 20:27 . 2008-07-31 20:27   <DIR>   d--------   C:\WINDOWS\Motorola
2008-07-31 20:27 . 2001-08-17 13:57   16,128   --a------   C:\WINDOWS\system32\drivers\MODEMCSA.sys
2008-07-31 20:27 . 2001-08-17 13:57   16,128   --a--c---   C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-07-25 19:18 . 2003-09-11 10:49   114,688   ---------   C:\WINDOWS\system32\UPSCR.Scr
2008-07-25 19:18 . 2004-03-18 15:56   40,960   --a------   C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-07-25 18:40 . 2008-07-25 18:40   <DIR>   d--------   C:\Program Files\ffvfw
2008-07-25 16:12 . 2008-07-25 16:12   <DIR>   d--------   C:\Program Files\Windows Media Components
2008-07-25 16:11 . 2008-07-25 19:14   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-07-25 16:11 . 2008-07-25 16:12   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-07-25 16:11 . 2008-07-25 19:18   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-25 16:10 . 2004-07-12 04:25   524,288   --a------   C:\WINDOWS\system32\xvidcore.dll
2008-07-25 16:10 . 2004-07-12 22:47   139,264   --a------   C:\WINDOWS\system32\xvidvfw.dll
2008-07-25 16:10 . 2004-07-12 22:44   53,248   --a------   C:\WINDOWS\system32\xvid.ax
2008-07-25 16:09 . 2008-07-25 16:09   <DIR>   d--------   C:\WINDOWS\Options
2008-07-25 16:09 . 2008-07-25 16:09   <DIR>   d--------   C:\Program Files\Digital Video
2008-07-19 16:28 . 2006-05-05 23:31   1,933,312   --a------   C:\WINDOWS\system32\Tropix.scr
2008-07-18 13:34 . 2008-07-18 13:34   586,240   --a------   C:\WINDOWS\WLXPGSS.SCR

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 21:05   ---------   d-----w   C:\Program Files\Java
2008-08-12 23:31   ---------   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 16:10   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-08-10 16:01   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-08-04 21:04   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-31 01:07   17,144   ----a-w   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 22:42   23,888   ----a-w   C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 22:28   706   ----a-w   C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 22:28   10,537   ----a-w   C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-30 02:40   ---------   d-----w   C:\Program Files\Oberon Media
2008-07-30 02:39   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 21:28   ---------   d-----w   C:\Program Files\GameHouse
2008-07-15 23:44   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-07-03 21:06   ---------   d-----w   C:\Program Files\Norton SystemWorks
2008-06-30 22:24   ---------   d-----w   C:\Program Files\Google
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 00:41   ---------   d-----w   C:\Program Files\Coupons
2008-05-31 15:45   8,002,338,816   --sha-w   C:\gobackio.bin
2008-05-31 14:12   0   ----a-w   C:\Documents and Settings\Ours\urlbase.bin
2008-05-31 14:12   0   ----a-w   C:\Documents and Settings\Ours\ignoredomainsbase.bin
2008-04-04 13:22   774,144   ----a-w   C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-08-12_18.27.28.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-14 02:28:52   880,640   ----a-w   C:\WINDOWS\assembly\GAC_32\Microsoft.MapPoint.GraphicsAPI\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GraphicsAPI.dll
+ 2008-08-14 02:28:51   33,808   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\GeoCommunityCommon\2.0.0.0__31bf3856ad364e35\GeoCommunityCommon.dll
+ 2008-08-14 02:28:47   163,840   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.CompactMapFile\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.CompactMapFile.dll
+ 2008-08-14 02:28:47   151,552   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data.VirtualEarthTileDataSource\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.VirtualEarthTileDataSource.dll
+ 2008-08-14 02:28:47   376,832   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Data\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Data.dll
+ 2008-08-14 02:28:51   65,536   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.COM\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.COM.dll
+ 2008-08-14 02:28:51   356,352   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.resources\2.5.0.0_fr-CA_31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.resources.dll
+ 2008-08-14 02:28:51   356,352   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.resources.dll
+ 2008-08-14 02:28:50   819,200   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.GeoCommunities\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.GeoCommunities.dll
+ 2008-08-14 02:28:47   208,896   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Geometry\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Geometry.dll
+ 2008-08-14 02:28:48   540,672   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Graphics3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Graphics3D.dll
+ 2008-08-14 02:28:47   143,360   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.MapControl3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.MapControl3D.dll
+ 2008-08-14 02:28:51   270,336   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Modeling\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Modeling.dll
+ 2008-08-14 02:28:49   77,824   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Network\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Network.dll
+ 2008-08-14 02:28:48   73,728   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_es_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-08-14 02:28:48   69,632   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_fr-CA_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-08-14 02:28:48   69,632   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-08-14 02:28:48   73,728   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_it_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-08-14 02:28:49   73,728   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.resources\2.5.0.0_ja_31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Resources.dll
+ 2008-08-14 02:28:50   131,072   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.Utility\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.Utility.dll
+ 2008-08-14 02:28:50   245,760   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.WorldMemoryDataSource.dll
+ 2008-08-14 02:28:48   770,048   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Rendering3D\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Rendering3D.dll
+ 2008-08-14 02:28:49   94,208   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.Utility\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.Utility.dll
+ 2008-08-14 02:28:49   61,440   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.MapPoint.UtilityPartialTrust\2.5.0.0__31bf3856ad364e35\Microsoft.MapPoint.UtilityPartialTrust.dll
+ 2008-08-14 02:28:51   106,496   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client.resources\2.5.0.0_fr_31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.resources.dll
+ 2008-08-14 02:28:51   200,704   ----a-w   C:\WINDOWS\assembly\GAC_MSIL\Microsoft.WindowsLive.Id.Client\2.5.0.0__31bf3856ad364e35\Microsoft.WindowsLive.Id.Client.dll
+ 2008-08-14 21:15:28   376,832   ----a-w   C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MapPoint.#\907e6c4d94b32d15862f281e81c5f1ce\Microsoft.MapPoint.MapControl3D.ni.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44 126976]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 01:38 107112]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22 26248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks\osCheck.exe" [2007-12-03 01:41 25472]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 15:32 8699904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-07-19 11:45:12 861872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"vidc.fvfw"= ffvfw.dll
"msacm.avis"= ffvfw.dll
"msacm.mpegacm "= mpegacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ours^Start Menu^Programs^Startup^TVR Schedule.lnk]
path=C:\Documents and Settings\Ours\Start Menu\Programs\Startup\TVR Schedule.lnk
backup=C:\WINDOWS\pss\TVR Schedule.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-03-09 19:10 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-07-23 16:33 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ulead photo express calendar checker]
--a------ 2004-01-12 20:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-08-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-08-14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-08-09 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ours.job
- C:\PROGRA~1\NORTON~2\Navw32.exe [2006-09-07 01:38]

2008-08-11 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2007-12-03 01:41]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 16:17:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-08-14 16:28:08 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-14 21:28:00
ComboFix2.txt  2008-08-12 23:28:00

Pre-Run: 20,116,385,792 bytes free
Post-Run: 20,179,894,272 bytes free

252   --- E O F ---   2008-08-08 23:53:07





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:36:54 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify...ef1&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.Email Removed.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207005698253
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207007319156
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ajlovesweasel-1969.spaces.live.com/...ad/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{600C79F4-1F00-4A7D-A8F5-4080020751EF}: NameServer = 208.38.65.37,208.38.65.35
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11671 bytes

[guestolo]

http://www.tek-tips.com/viewthread.cfm?qid...3309&page=2
yes this is what its doing.

So did you try any of the suggestions in the link I supplied?

What version of Norton's do you have installed?
Is it kept right up to date?
Program updates and Virus definitions

[weasel096]

So did you try any of the suggestions in the link I supplied?
Not yet.  Was waiting for your responce b4 I did anything.

What version of Norton's do you have installed?
Norton SystemWorks 2007

Is it kept right up to date?
Program updates and Virus definitions
Yes but subscription is expired.

I am wondering what you would suggest for a free antivirus program other than AVG?

[guestolo]

You can uninstall Nod32 Eset scanner from Add and REmove programs

Go to START>>RUN
Copy and Paste the following to the open field

ComboFix /u

Then hit OK
The above procedure will:

Delete the following:
   

• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:\_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.

Manually delete Dss.exe from desktop

your versions of SpywareBlaster is outdated
I suggest that you
First download the installer
SpywareBlaster  by JavaCool

Don't install it yet
Instead, Open SpywareBlaster
"Disable All Protections"
Close SpywareBlaster
Access your Add and Remove Programs and first remove
SpywareBlaster 4.0

Reboot the computer
Back in Windows
Go ahead and install the latest version of SpywareBlaster

After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection

Yes but subscription is expired.

I am wondering what you would suggest for a free antivirus program other than AVG?

Back in June, I mentioned a couple, you didn't come back to me on that
If Symantec's is expired, you may want to replace both the AntiVirus and Firewall
Is that what you want?

[weasel096]

I did all you said to do.  

Still getting 100% cpu usage from svchost.exe.

Yes i would like to replace antivirus and firewall.

[guestolo]

I can only make a suggestion, but why not try a combination of free Zone Alarm and Free AntiVir
AntiVir doesn't include an email scanner in the free version
But if you do try and open an infected attachment, it will prompt you to quarantine/delete, etc
However, Zone Alarm does include an Email Mailsafe
As described in this link
http://forums.zonelabs.com/zonelabs/board/...;message.id=504
Edit>>Free version will scan .vbs files only, but Avira should not allow you to open a bad attachment of other file extenstions

Before installing both, I would suggest that you do the following
Save both the installers to desktop
First, Go here and download your Free version of Avira AntiVir
http://www.download.com/Avira-AntiVir-Pers...cdlpid=10322935
Save the installer to desktop, but do not install it yet

NEXT:
Go to the following link
http://www.zonealarm.com/store/content/cat...=US&lang=en

At the link click on the Download Now button on the right hand side
You will be directed to another page

Click on ZoneAlarm Firewall button on the right hand side

Save the installer to desktop
This is a downloader
Double click on zaSetup_en.exe to run it
Ensure proper Operating system is selected and click Next
The next step is IMPORTANT!
Select the Radio button to Download ONLY
Click Browse and choose to save the installer to Desktop the click Save
and then choose Next
Wait for the download to complete
Don't install it yet

Afterwards: I would like to see if Windows updates is what's spiking svchost.exe
Go to START>>Control Panel>>Automatic Updates
Select "Turn Off Automatic Updates"
Apply and OK it
Close the Windows Security Alert balloon for now
We'll readjust this later

Next:
Go ahead and uninstall Norton components from Add and Remove programs
Including Firewall and AntiVirus
Note: If you have problems removing any of the above
It's best to run the Norton Removal Tool
after rebooting the computer
I suggest you run this anyways, but it may also remove Norton Go Back, which you would have to reinstall, your option

When all is removed
Double click on zaZA_Setup_en.exe and Run it
Do not confuse this with the first ZA installer, this is the downloaded software installer

UNTICK "Include ZoneAlarm Spy Blocker...."
Then click Next
ZoneAlarm registration is optional, up to you to leave the options ticked or remove them
I prefer to untick them
Click Next
Tick the "I accept the terms...
Click Install

Follow the prompts
Allow to Scan your computer

Reboot when prompted

After that:
Install Avira AntiVir from desktop
Ensure that you have it check for Updates
The first time it updates may take awhile, but allow it time

NOTE: Avira will display a single big Ad on your computer
Don't be alarmed, just click OK at the bottom of the Ad to close it

A scan of your System should then start
If a scan does not start after updating, double click on the Avira icon by the clock (the red/white umbrella)
and select "Scan system now"

Quarantine or delete everything it finds
When the scan is finished
Reboot the computer

Back to the svchost.exe issue
Is it still running at 100% constantly after the computer has been running for a bit?
Can you go back to Automatic Updates in Control Panel
and reset back to "Automatic" >>Apply and OK it

Post a fresh Hijackthis log afterwards, keep me informed how things are running

[weasel096]

Un able to turn off auto updates.

[guestolo]

[quote name=\'weasel096\' post=\'440331\' date=\'Aug 16 2008, 01:25 PM\']Un able to turn off auto updates.[/quote]

Why? Can you explain
Was there an error message or something?

[weasel096]

none of the buttons are able to be ticked.  the one that is checked says  "download updates for me, but let me choose when to install them.  cant change that setting.