Author Topic: For guestolo  (Read 2968 times)

Offline omal

For guestolo
« on: November 04, 2008, 11:50:56 PM »
My HijackThis log:

I expect it to be full of crap ^^

-----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:52 PM, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\SoftwareDistribution\Download\a09af09928e177cd9ba61ead21886d9e\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wowway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Ziztmutr\cgilvgjh.dll (file missing)
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Ztqacway\ddikgary.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Kihxksmy\meghaajp.dll (file missing)
O2 - BHO: (no name) - {2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119} - C:\Program Files\Dljdirmz\tcfjcmjk.dll (file missing)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Cunzkvux\zruxevfi.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Zmdzdabd\bwbgrxmn.dll (file missing)
O2 - BHO: (no name) - {65FF10BB-F36A-68E9-AA35-02257E958C1F} - C:\Program Files\Esjocaup\goncrdzw.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\rqrspqq.dll (file missing)
O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
O2 - BHO: (no name) - {D5FD0C23-8963-4741-BF49-EC79463ABF08} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\tqtgcydh.dll",sitypnow
O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"
O4 - HKLM\..\Run: [lolyboho] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lolyboho.dll"
O4 - HKLM\..\Run: [dsbgrora] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dsbgrora.dll"
O4 - HKLM\..\Run: [bideberg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bideberg.dll"
O4 - HKLM\..\Run: [ejkhupqb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll"
O4 - HKLM\..\Run: [tefovmzc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tefovmzc.dll"
O4 - HKLM\..\Run: [ubcnurin] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ubcnurin.dll"
O4 - HKLM\..\Run: [kvilmxah] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kvilmxah.dll"
O4 - HKLM\..\Run: [evcpodwp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\evcpodwp.dll"
O4 - HKLM\..\Run: [cbqjefur] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\cbqjefur.dll"
O4 - HKLM\..\Run: [qrgnwjut] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll"
O4 - HKLM\..\Run: [otepcjgz] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otepcjgz.dll"
O4 - HKLM\..\Run: [yhipebkr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yhipebkr.dll"
O4 - HKLM\..\Run: [lsxahobc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lsxahobc.dll"
O4 - HKLM\..\Run: [dejuvqhq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll"
O4 - HKLM\..\Run: [gzivqhgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: download.adobe.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: www.agesanctuary.com
O15 - Trusted Zone: *.agesanctuary.com
O15 - Trusted Zone: http://www.airsoftforum.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://www.azlyrics.com
O15 - Trusted Zone: http://www.cbs.com
O15 - Trusted Zone: dl.cdn-downloads.com
O15 - Trusted Zone: http://www.comedycentral.com
O15 - Trusted Zone: http://monopoly.corsis.com
O15 - Trusted Zone: http://www.dodge.com
O15 - Trusted Zone: www.dvdzip.org
O15 - Trusted Zone: http://dnama.dyndns.org
O15 - Trusted Zone: http://www.exoticcarrental.com
O15 - Trusted Zone: http://www.eyeslipsface.com
O15 - Trusted Zone: http://halo2.filefront.com
O15 - Trusted Zone: http://*.findmeatune.com
O15 - Trusted Zone: http://www.forbes.com
O15 - Trusted Zone: http://www.fox.com
O15 - Trusted Zone: http://www.fraps.com
O15 - Trusted Zone: http://www.freedownloadscenter.com
O15 - Trusted Zone: www.games.com
O15 - Trusted Zone: http://www.games.com
O15 - Trusted Zone: download2.gamespot.com
O15 - Trusted Zone: www.heatwolephoto.com
O15 - Trusted Zone: http://aom.heavengames.com
O15 - Trusted Zone: http://www.hobbytron.com
O15 - Trusted Zone: www.igzones.com
O15 - Trusted Zone: www.igzones.net
O15 - Trusted Zone: downloadmirror.intel.com
O15 - Trusted Zone: http://www.macomb.k12.mi.us
O15 - Trusted Zone: http://www.limewire.com
O15 - Trusted Zone: http://www.liveperson.com
O15 - Trusted Zone: cnn-4.vo.llnwd.net
O15 - Trusted Zone: http://classifieds.macombdaily.com
O15 - Trusted Zone: fpdownload.macromedia.com
O15 - Trusted Zone: http://www.maidmarian.com
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://*.megavideo.com
O15 - Trusted Zone: www.micro-sys.dk
O15 - Trusted Zone: http://www.mileyworld.com
O15 - Trusted Zone: http://bb.misd.net
O15 - Trusted Zone: rsddownload.motorola.com
O15 - Trusted Zone: http://www.mozilla.com
O15 - Trusted Zone: http://download.mozilla.org
O15 - Trusted Zone: http://www.mypyramid.gov
O15 - Trusted Zone: http://users.bigpond.net.au
O15 - Trusted Zone: tucows.netnitco.net
O15 - Trusted Zone: ftp-mozilla.netscape.com
O15 - Trusted Zone: http://www.nfl.com
O15 - Trusted Zone: http://www.nick.com
O15 - Trusted Zone: http://www.nintendo.com
O15 - Trusted Zone: www.oxygenxml.com
O15 - Trusted Zone: http://www.pearsonsuccessnet.com
O15 - Trusted Zone: http://www.phunland.com
O15 - Trusted Zone: www.piettes.com
O15 - Trusted Zone: download.piratesonline.com
O15 - Trusted Zone: http://www.playnet.com
O15 - Trusted Zone: http://www.profootballhof.com
O15 - Trusted Zone: http://*.qvc.com
O15 - Trusted Zone: www.readyroom.org
O15 - Trusted Zone: software-dl.real.com
O15 - Trusted Zone: http://www.rivals.com
O15 - Trusted Zone: http://www.roman-empire.net
O15 - Trusted Zone: http://www.rottentomatoes.com
O15 - Trusted Zone: mp3support.sandisk.com
O15 - Trusted Zone: http://www.sega.com
O15 - Trusted Zone: www.sharewareguide.net
O15 - Trusted Zone: http://*.sourceforge.net
O15 - Trusted Zone: http://www.southparkzone.com
O15 - Trusted Zone: *.symantec product downloads
O15 - Trusted Zone: lcsitemain.symantec.com
O15 - Trusted Zone: lcsitemain.symantyc.com
O15 - Trusted Zone: http://mail.tenibac.com
O15 - Trusted Zone: http://*.thefuntimesguide.com
O15 - Trusted Zone: http://www.totalwar.com
O15 - Trusted Zone: www.transformersgame.com
O15 - Trusted Zone: www.trendsecure.com
O15 - Trusted Zone: http://www.verizonwireless.com
O15 - Trusted Zone: www.vob-converter.com
O15 - Trusted Zone: http://upload.wikimedia.org
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://portal.wowway.net
O15 - Trusted Zone: download.yimg.com
O15 - Trusted Zone: http://*.youtube.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: www.zelda.com
O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/6cdf283501374c8c07...86362523_35.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/FILES/en/produ...rent/ica32t.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/ward...tall_wm1001.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126907207156
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: rqrspqq - rqrspqq.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.wildgames.com/ECS/ECSData/DP/wt..._pack_large.gif
O24 - Desktop Component 1: (no name) - http://portal.wowway.com/templates/maya/im...els_date_bg.gif

--
End of file - 21353 bytes

Offline guestolo

For guestolo
« Reply #1 on: November 04, 2008, 11:57:40 PM »
Quote: I expect it to be full of crap
Yes it is.
Can you do the following:

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch the program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
Can you post both those logs please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline omal

For guestolo
« Reply #2 on: November 05, 2008, 12:39:08 AM »
log.txt:

-----------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-05 00:33:48
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 60 GB (55%) free of 109 GB
Total RAM: 504 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:00 AM, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\O5I3SLYB\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wowway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Ziztmutr\cgilvgjh.dll (file missing)
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Ztqacway\ddikgary.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Kihxksmy\meghaajp.dll (file missing)
O2 - BHO: (no name) - {2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119} - C:\Program Files\Dljdirmz\tcfjcmjk.dll (file missing)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Cunzkvux\zruxevfi.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Zmdzdabd\bwbgrxmn.dll (file missing)
O2 - BHO: (no name) - {65FF10BB-F36A-68E9-AA35-02257E958C1F} - C:\Program Files\Esjocaup\goncrdzw.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\rqrspqq.dll (file missing)
O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
O2 - BHO: (no name) - {D5FD0C23-8963-4741-BF49-EC79463ABF08} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\tqtgcydh.dll",sitypnow
O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"
O4 - HKLM\..\Run: [lolyboho] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lolyboho.dll"
O4 - HKLM\..\Run: [dsbgrora] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dsbgrora.dll"
O4 - HKLM\..\Run: [bideberg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bideberg.dll"
O4 - HKLM\..\Run: [ejkhupqb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll"
O4 - HKLM\..\Run: [tefovmzc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tefovmzc.dll"
O4 - HKLM\..\Run: [ubcnurin] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ubcnurin.dll"
O4 - HKLM\..\Run: [kvilmxah] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kvilmxah.dll"
O4 - HKLM\..\Run: [evcpodwp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\evcpodwp.dll"
O4 - HKLM\..\Run: [cbqjefur] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\cbqjefur.dll"
O4 - HKLM\..\Run: [qrgnwjut] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll"
O4 - HKLM\..\Run: [otepcjgz] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otepcjgz.dll"
O4 - HKLM\..\Run: [yhipebkr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yhipebkr.dll"
O4 - HKLM\..\Run: [lsxahobc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lsxahobc.dll"
O4 - HKLM\..\Run: [dejuvqhq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll"
O4 - HKLM\..\Run: [gzivqhgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: download.adobe.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: www.agesanctuary.com
O15 - Trusted Zone: *.agesanctuary.com
O15 - Trusted Zone: http://www.airsoftforum.com
O15 - Trusted Zone: http://www.wireless.att.com
O15 - Trusted Zone: http://www.azlyrics.com
O15 - Trusted Zone: http://www.cbs.com
O15 - Trusted Zone: dl.cdn-downloads.com
O15 - Trusted Zone: http://www.comedycentral.com
O15 - Trusted Zone: http://monopoly.corsis.com
O15 - Trusted Zone: http://www.dodge.com
O15 - Trusted Zone: www.dvdzip.org
O15 - Trusted Zone: http://dnama.dyndns.org
O15 - Trusted Zone: http://www.exoticcarrental.com
O15 - Trusted Zone: http://www.eyeslipsface.com
O15 - Trusted Zone: http://halo2.filefront.com
O15 - Trusted Zone: http://*.findmeatune.com
O15 - Trusted Zone: http://www.forbes.com
O15 - Trusted Zone: http://www.fox.com
O15 - Trusted Zone: http://www.fraps.com
O15 - Trusted Zone: http://www.freedownloadscenter.com
O15 - Trusted Zone: www.games.com
O15 - Trusted Zone: http://www.games.com
O15 - Trusted Zone: download2.gamespot.com
O15 - Trusted Zone: www.heatwolephoto.com
O15 - Trusted Zone: http://aom.heavengames.com
O15 - Trusted Zone: http://www.hobbytron.com
O15 - Trusted Zone:
www.igzones.comO15 - Trusted Zone: www.igzones.netO15 - Trusted Zone: downloadmirror.intel.comO15 - Trusted Zone: http://www.macomb.k12.mi.usO15 - Trusted Zone: http://www.limewire.comO15 - Trusted Zone: http://www.liveperson.comO15 - Trusted Zone: cnn-4.vo.llnwd.netO15 - Trusted Zone: http://classifieds.macombdaily.comO15 - Trusted Zone: fpdownload.macromedia.comO15 - Trusted Zone: http://www.maidmarian.comO15 - Trusted Zone: images.malwareremoval.comO15 - Trusted Zone: http://www.mapquest.comO15 - Trusted Zone: http://*.megavideo.comO15 - Trusted Zone: www.micro-sys.dkO15 - Trusted Zone: http://www.mileyworld.comO15 - Trusted Zone: http://bb.misd.netO15 - Trusted Zone: rsddownload.motorola.comO15 - Trusted Zone: http://www.mozilla.comO15 - Trusted Zone: http://download.mozilla.orgO15 - Trusted Zone: http://www.mypyramid.govO15 - Trusted Zone: http://users.bigpond.net.auO15 - Trusted Zone: tucows.netnitco.netO15 - Trusted Zone: ftp-mozilla.netscape.comO15 - Trusted Zone: http://www.nfl.comO15 - Trusted Zone: http://www.nick.comO15 - Trusted Zone: http://www.nintendo.comO15 - Trusted Zone: www.oxygenxml.comO15 - Trusted Zone: http://www.pearsonsuccessnet.comO15 - Trusted Zone: http://www.phunland.comO15 - Trusted Zone: www.piettes.comO15 - Trusted Zone: download.piratesonline.comO15 - Trusted Zone: http://www.playnet.comO15 - Trusted Zone: http://www.profootballhof.comO15 - Trusted Zone: http://*.qvc.comO15 - Trusted Zone: www.readyroom.orgO15 - Trusted Zone: software-dl.real.comO15 - Trusted Zone: http://www.rivals.comO15 - Trusted Zone: http://www.roman-empire.netO15 - Trusted Zone: http://www.rottentomatoes.comO15 - Trusted Zone: mp3support.sandisk.comO15 - Trusted Zone: http://www.sega.comO15 - Trusted Zone: www.sharewareguide.netO15 - Trusted Zone: http://*.sourceforge.netO15 - Trusted Zone: http://www.southparkzone.comO15 - Trusted Zone: *.symantec product downloadsO15 - Trusted Zone: lcsitemain.symantec.comO15 - Trusted Zone: lcsitemain.symantyc.comO15 - 
Trusted Zone: http://mail.tenibac.comO15 - Trusted Zone: http://*.thefuntimesguide.comO15 - Trusted Zone: http://www.totalwar.comO15 - Trusted Zone: www.transformersgame.comO15 - Trusted Zone: www.trendsecure.comO15 - Trusted Zone: http://www.verizonwireless.comO15 - Trusted Zone: www.vob-converter.comO15 - Trusted Zone: http://upload.wikimedia.orgO15 - Trusted Zone: http://en.wikipedia.orgO15 - Trusted Zone: http://portal.wowway.netO15 - Trusted Zone: download.yimg.comO15 - Trusted Zone: http://*.youtube.comO15 - Trusted Zone: *.zango.comO15 - Trusted Zone: *.zangocash.comO15 - Trusted Zone: www.zelda.comO16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/6cdf283501374c8c07...86362523_35.exeO16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/FILES/en/produ...rent/ica32t.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dllO16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/ward...tall_wm1001.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cabO16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocxO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126907207156O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - 
http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cabO16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cabO16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exeO16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exeO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cabO20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)O20 - Winlogon Notify: rqrspqq - rqrspqq.dll (file missing)O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exeO23 - 
Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exeO24 - Desktop Component 0: (no name) - http://www.wildgames.com/ECS/ECSData/DP/wt..._pack_large.gifO24 - Desktop Component 1: (no name) - http://portal.wowway.com/templates/maya/im...els_date_bg.gif--End of file - 21408 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\MP Scheduled Scan.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CF46468-AC82-9EC5-5B79-008AA7762D88}]C:\Program Files\Ziztmutr\cgilvgjh.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{158A95B4-1F79-3B06-78BF-0424CDB17C2E}]C:\Program Files\Ztqacway\ddikgary.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{261C35B4-9283-6344-C5C0-005CF873D624}]C:\Program Files\Kihxksmy\meghaajp.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119}]C:\Program Files\Dljdirmz\tcfjcmjk.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser 
Helper Objects\{39C6B6C8-E01E-3175-B583-04FDA1EE088B}]C:\Program Files\Cunzkvux\zruxevfi.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62780D18-D103-03D3-323A-01F43008B839}]C:\Program Files\Zmdzdabd\bwbgrxmn.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65FF10BB-F36A-68E9-AA35-02257E958C1F}]C:\Program Files\Esjocaup\goncrdzw.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL [2008-10-15 107896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-31 2554944][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC358019-D328-40B4-8E2D-818CE142616C}]C:\WINDOWS\system32\rqrspqq.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D35980CB-66DF-477B-BF63-64EB8F48CB3A}]PersonalWebBHO - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll 
[2006-05-30 601600][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FD0C23-8963-4741-BF49-EC79463ABF08}]C:\WINDOWS\system32\geedc.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-31 2554944][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-05-03 4640768]"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []"PS2"=C:\WINDOWS\system32\ps2.exe [2002-07-31 81920]"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-27 172032]"WT GameChannel"=C:\Program Files\WildTangent\Apps\GameChannel.exe [2003-04-30 184784]"QuickFinder Scheduler"=c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE [2003-03-07 77887]"PkIifOLC9"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0¨4W}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0¨4W}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"mmtask"=C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [2004-09-22 53248]"¢‰¸K0æquot;ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe"=C:\WINDOWS\prabjnbr.exe []"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 
155648]"Spam Blocker for Outlook Express"=C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe []"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]"LTMSG"=LTMSG.exe 7 []"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]"SpySpotter System Defender"=C:\Program Files\SpySpotter3\Defender.exe -startup []"PersonalWeb"=C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe []"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []"avp"=C:\WINDOWS\avp.exe []"smgr"=mgrs.exe []"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]"MSOffice"=C:\WINDOWS\system32\tqtgcydh.dll []"durmvufi"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\durmvufi.dll []"lolyboho"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\lolyboho.dll []"dsbgrora"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\dsbgrora.dll []"bideberg"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\bideberg.dll []"ejkhupqb"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll []"tefovmzc"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\tefovmzc.dll []"ubcnurin"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\ubcnurin.dll []"kvilmxah"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\kvilmxah.dll []"evcpodwp"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\evcpodwp.dll []"cbqjefur"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\cbqjefur.dll []"qrgnwjut"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll []"otepcjgz"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\otepcjgz.dll []"yhipebkr"=regsvr32 /u 
C:\Documents and Settings\All Users\Application Data\yhipebkr.dll []"lsxahobc"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\lsxahobc.dll []"dejuvqhq"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll []"gzivqhgh"=regsvr32 /u C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll [][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]"aAFgPd1P3X"=C:\WINDOWS\system32\ndaTqsVqrX.dll [][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"NVIEW"=C:\WINDOWS\System32\nview.dll [2003-05-03 835654]"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []"PlaxoUpdate"=C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe [2008-10-04 369223]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-04-06 68856]"SpeedItUpEX"=C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI []"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]"PlaxoSysTray"=C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe [2008-10-04 20480]"Yahoo! 
Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]C:\Documents and Settings\All Users\Start Menu\Programs\StartupAdobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeCompaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exePI Monitor.lnk - C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exeQuicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exeC:\Documents and Settings\Owner\Start Menu\Programs\StartupAdobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exespamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedc]C:\WINDOWS\system32\geedc.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]C:\WINDOWS\System32\igfxsrvc.dll [2005-06-21 348160][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrspqq]rqrspqq.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\System32\WgaLogon.dll [2007-03-15 236928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winccf32]winccf32.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]"{CC358019-D328-40B4-8E2D-818CE142616C}"=C:\WINDOWS\system32\rqrspqq.dll []"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 
83224][HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe"="C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576""C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk""C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger""C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader""C:\Program Files\Common Files\AOL\1155267434\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1155267434\ee\aolsoftware.exe:*:Enabled:AOL Services""C:\Program Files\Common Files\AOL\1155267434\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1155267434\ee\aim6.exe:*:Enabled:AIM""C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire""C:\Program Files\SwiftSwitch\SwiftSwitch.exe"="C:\Program Files\SwiftSwitch\SwiftSwitch.exe:*:Enabled:SwiftSwitch""C:\Program Files\Internet 
Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer""C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion""C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper""C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome""C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II""C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXUBST63\aimexpress.aol[1].com"="C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXUBST63\aimexpress.aol[1].com:*:Enabled:aimexpress.aol[1]""C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires""C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YJKKX5NI\Office_Space.avi-downloader[1].exe"="C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YJKKX5NI\Office_Space.avi-downloader[1].exe:*:Enabled:Blizzard Downloader""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3""C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer""C:\Program Files\Common Files\aolshare\sysinfo\sinf.exe"="C:\Program Files\Common 
Files\aolshare\sysinfo\sinf.exe:*:Enabled:AOL System Information""C:\Program Files\Online Services\AOL80US\InstallEmail Removedexe"="C:\Program Files\Online Services\AOL80US\InstallEmail Removedexe:*:Enabled:America Online""C:\Program Files\America Online 8.0\Email Removedexe"="C:\Program Files\America Online 8.0\Email Removedexe:*:Enabled:America Online 8.0""C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe"="C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0""C:\Program Files\Hexacto Games\Lemonade Tycoon\Lemonade.exe"="C:\Program Files\Hexacto Games\Lemonade Tycoon\Lemonade.exe:*:Enabled:Lemonade""C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe"="C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War""C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo""C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade""C:\Program Files\Microsoft Games\Age of Mythology\aom.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger""C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server""C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server""C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]shell\AutoRun\command - G:\LaunchU3.exe -a ======File associations======.reg - open - "regedit.exe" "%1"======List of files/folders created in the last 1 months======2008-11-05 00:33:48 ----D---- C:\rsit2008-11-04 23:41:29 ----D---- C:\Program Files\Trend Micro2008-11-03 20:46:49 ----D---- C:\Documents and Settings\Owner\Application Data\U32008-10-23 21:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$2008-10-16 02:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$2008-10-16 02:05:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$2008-10-16 02:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$2008-10-16 02:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$2008-10-16 02:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$2008-10-16 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$2008-10-15 06:40:15 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL2008-10-15 06:40:13 ----D---- C:\Program Files\Symantec2008-10-15 06:38:57 ----D---- C:\Program 
Files\Norton AntiVirus2008-10-15 06:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings2008-10-15 06:24:12 ----D---- C:\Documents and Settings\All Users\Application Data\Norton2008-10-15 06:23:56 ----D---- C:\Program Files\NortonInstaller2008-10-15 06:23:56 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller======List of files/folders modified in the last 1 months======2008-11-05 00:32:12 ----D---- C:\Documents and Settings2008-11-05 00:31:18 ----D---- C:\WINDOWS\system32\CatRoot_bak2008-11-05 00:31:18 ----D---- C:\WINDOWS\system32\CatRoot2008-11-05 00:31:17 ----D---- C:\WINDOWS\system32\CatRoot22008-11-05 00:29:33 ----HD---- C:\WINDOWS\inf2008-11-05 00:26:32 ----D---- C:\WINDOWS\Temp2008-11-04 23:58:35 ----SHD---- C:\WINDOWS\Installer2008-11-04 23:58:22 ----A---- C:\WINDOWS\OEWABLog.txt2008-11-04 23:41:29 ----D---- C:\Program Files2008-11-04 23:29:08 ----D---- C:\Program Files\Plaxo2008-11-04 23:27:59 ----SD---- C:\WINDOWS\Tasks2008-11-04 01:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt2008-11-03 17:12:40 ----D---- C:\WINDOWS\system322008-11-03 16:28:29 ----D---- C:\Program Files\Phun2008-11-03 16:26:05 ----D---- C:\Program Files\Google2008-11-03 16:18:42 ----D---- C:\WINDOWS\Prefetch2008-11-03 16:07:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater2008-11-02 09:56:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2008-10-27 23:54:23 ----D---- C:\Program Files\Mozilla Firefox2008-10-25 23:03:04 ----D---- C:\WINDOWS2008-10-23 21:04:25 ----RSHDC---- C:\WINDOWS\system32\dllcache2008-10-23 21:03:50 ----HD---- C:\WINDOWS\$hf_mig$2008-10-17 00:26:27 ----D---- C:\WINDOWS\.mpr_file_store_322008-10-16 02:05:58 ----A---- C:\WINDOWS\imsins.BAK2008-10-16 02:05:55 ----D---- C:\WINDOWS\system32\drivers2008-10-16 02:02:41 ----D---- C:\Program Files\Internet Explorer2008-10-15 16:58:08 ----A---- C:\YServer.txt2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll2008-10-15 07:02:42 
----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-15 06:40:54 ----SHD---- C:\System Volume Information
2008-10-06 01:01:12 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081031.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSPX.SYS []
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMTDI.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-12-31 28352]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081104.025\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081104.025\NAVEX15.SYS []
R3 pfc;Padus ASPI Shell; \??\C:\WINDOWS\System32\drivers\pfc.sys []
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSP.SYS []
R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-10-15 35888]
R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-05-01 33588]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 Fadpu16E;Fadpu16E; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\Fadpu16E.sys []
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2004-03-30 118106]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 S3Psddr;S3Psddr; C:

Offline guestolo

For guestolo
« Reply #3 on: November 05, 2008, 01:27:14 AM »
Can you do the following
Do what you can and post back what logs you're able
Also, follow the instructions closely, I asked that you save RSIT.exe to desktop, which you did not do??

For now, since I know you're having problems with Windows Defender
and it may interfere with our next steps, let's disable its protections

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Next:
Download and save to desktop
DelDomains.inf
Right click on DelDomains.inf and choose Install from the menu bar
Don't worry if it appears that nothing happened, this is normal

Next: Download ATF-Cleaner by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Exit ATF-Cleaner.exe

Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/

O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Ziztmutr\cgilvgjh.dll (file missing)
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Ztqacway\ddikgary.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {261C35B4-9283-6344-C5C0-005CF873D624} - C:\Program Files\Kihxksmy\meghaajp.dll (file missing)
O2 - BHO: (no name) - {2BAD0253-E6F1-0EB1-50C6-08D1DF0D4119} - C:\Program Files\Dljdirmz\tcfjcmjk.dll (file missing)
O2 - BHO: (no name) - {39C6B6C8-E01E-3175-B583-04FDA1EE088B} - C:\Program Files\Cunzkvux\zruxevfi.dll (file missing)

O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - C:\Program Files\Zmdzdabd\bwbgrxmn.dll (file missing)
O2 - BHO: (no name) - {65FF10BB-F36A-68E9-AA35-02257E958C1F} - C:\Program Files\Esjocaup\goncrdzw.dll (file missing)

O2 - BHO: (no name) - {CC358019-D328-40B4-8E2D-818CE142616C} - C:\WINDOWS\system32\rqrspqq.dll (file missing)
O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
O2 - BHO: (no name) - {D5FD0C23-8963-4741-BF49-EC79463ABF08} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe

O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0¨4W
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [¢‰¸K0æquot;@æquot;ÁÐ]§ú"ü‰¸K0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe

O4 - HKLM\..\Run: [¢‰¸K0æquot;ÁÐ]§ú"ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\prabjnbr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe

O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe

O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\tqtgcydh.dll",sitypnow
O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"
O4 - HKLM\..\Run: [lolyboho] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lolyboho.dll"
O4 - HKLM\..\Run: [dsbgrora] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dsbgrora.dll"
O4 - HKLM\..\Run: [bideberg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bideberg.dll"
O4 - HKLM\..\Run: [ejkhupqb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ejkhupqb.dll"
O4 - HKLM\..\Run: [tefovmzc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tefovmzc.dll"
O4 - HKLM\..\Run: [ubcnurin] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ubcnurin.dll"
O4 - HKLM\..\Run: [kvilmxah] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kvilmxah.dll"
O4 - HKLM\..\Run: [evcpodwp] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\evcpodwp.dll"
O4 - HKLM\..\Run: [cbqjefur] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\cbqjefur.dll"
O4 - HKLM\..\Run: [qrgnwjut] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\qrgnwjut.dll"
O4 - HKLM\..\Run: [otepcjgz] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\otepcjgz.dll"
O4 - HKLM\..\Run: [yhipebkr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yhipebkr.dll"
O4 - HKLM\..\Run: [lsxahobc] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lsxahobc.dll"
O4 - HKLM\..\Run: [dejuvqhq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\dejuvqhq.dll"
O4 - HKLM\..\Run: [gzivqhgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gzivqhgh.dll"

O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI

O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer


O16 - DPF: {00000005-0000-0000-0000-100011000004} - http://c.imputati.com/l/6cdf283501374c8c07...86362523_35.exe

O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/ward...tall_wm1001.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rCabInstall.cab
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: rqrspqq - rqrspqq.dll (file missing)
O20 - Winlogon Notify: winccf32 - winccf32.dll (file missing)

O24 - Desktop Component 0: (no name) - http://www.wildgames.com/ECS/ECSData/DP/wt..._pack_large.gif
O24 - Desktop Component 1: (no name) - http://portal.wowway.com/templates/maya/im...els_date_bg.gif



After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Access your Add and Remove Programs and Remove all or any of the following you possibly can
PersonalWeb
SelectRebates
Spam Blocker Utility ShopperReports
Spam Blocker Utility Web Tools
Spam Blocker Utility
TopSearch
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFastConnect
WildTangent GameChannel (remove only)
WildTangent Web Driver


Reboot your computer

Back in Windows

Next: Download this file - Combofix.exe and save it ONLY to your desktop

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Next:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
       
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
       
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

With the log from MBAM
I need to see the log from ComboFix and a fresh Hijackthis log

NOTE: It may take more than one reply to post back all the info
In addition, your last logs were spaced, making it hard to read
Before you copy any of the logs back in Notepad, ensure to click on FORMAT in the top menu bar of the open text file and ensure that WORD WRAP is UNChecked
That will eliminate the spacing
« Last Edit: November 05, 2008, 01:35:30 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
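As an added example (not part of the forum post, and not HijackThis's own code), here is a small Python triage script that applies the same checks guestolo applied by eye to the entries he asked omal to tick: referenced files that are missing, autorun value names that are garbled, autoruns that run regsvr32 /u, autoruns under the Policies key, and one executable registered under several different value names. The sample log lines are constructed, modelled on entries in the post; the value name Zq9dLe3 is made up.

```python
"""Triage HijackThis-style log lines the way a malware-removal helper reads them.

Added example, not code from the forum post or from HijackThis. The sample
lines at the bottom are constructed, modelled on entries in the post above.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# "O4 - HKLM\..\Run: [value name] command line"
RUN_ENTRY = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>.*)\] (?P<cmd>.*)$')
# HijackThis appends one of these when the referenced file does not exist
ORPHANED = re.compile(r'\((?:file missing|no file)\)\s*$')
# "regsvr32 /u x.dll" UNregisters a DLL; as an autorun it is a leftover stub, not a program
REGSVR_UNREGISTER = re.compile(r'\bregsvr32(?:\.exe)?\s+/u\b', re.IGNORECASE)
SECTION = re.compile(r'^([RO]\d+) - ')

REASON_ORPHANED = 'orphaned entry: referenced file is missing'
REASON_GARBLED = 'garbled autorun value name (non-ASCII or control characters)'
REASON_REGSVR = 'autorun runs regsvr32 /u, i.e. unregisters a DLL at every logon'
REASON_POLICIES = 'autorun under Policies\\Explorer\\Run, rarely used by legitimate software'
REASON_DUPLICATE = 'same command registered under three or more autorun names'


@dataclass(frozen=True)
class Finding:
    reason: str
    detail: str  # the offending log line, or the shared command for REASON_DUPLICATE


def triage_line(line: str) -> list[Finding]:
    """Per-line heuristics; a single line can trigger more than one."""
    findings: list[Finding] = []
    if not SECTION.match(line):
        return findings  # process list, headers, blank lines
    if ORPHANED.search(line):
        findings.append(Finding(REASON_ORPHANED, line))
    run = RUN_ENTRY.match(line)
    if run:
        key, name, cmd = run.group('key'), run.group('name'), run.group('cmd')
        if any(not c.isascii() or not c.isprintable() for c in name):
            findings.append(Finding(REASON_GARBLED, line))
        if REGSVR_UNREGISTER.search(cmd):
            findings.append(Finding(REASON_REGSVR, line))
        if 'Policies\\Explorer\\Run' in key:
            findings.append(Finding(REASON_POLICIES, line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run the per-line checks, then a cross-line check for one target under many names."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings: list[Finding] = []
    for line in lines:
        findings.extend(triage_line(line))
    names_by_cmd: dict[str, set[str]] = defaultdict(set)
    for line in lines:
        run = RUN_ENTRY.match(line)
        if run:
            names_by_cmd[run.group('cmd').lower()].add(run.group('name'))
    for cmd, names in names_by_cmd.items():
        if len(names) >= 3:
            findings.append(Finding(REASON_DUPLICATE, cmd))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, for a quick overview before reading each line."""
    return dict(Counter(f.reason for f in findings))


# Constructed sample, modelled on the entries guestolo asked the poster to fix.
# The garbled value name is built from code points so the file stays plain ASCII;
# 'Zq9dLe3' is a made-up value name standing in for the other garbled ones.
SAMPLE_LOG = '\n'.join([
    r'O2 - BHO: (no name) - {0CF46468-AC82-9EC5-5B79-008AA7762D88} - C:\Program Files\Ziztmutr\cgilvgjh.dll (file missing)',
    r'O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll',
    r'O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)',
    r'O4 - HKLM\..\Run: [PkIifOLC9] C:\WINDOWS\prabjnbr.exe',
    'O4 - HKLM\\..\\Run: [\u00a2\u2030\u00b8K0\u00a84W] C:\\WINDOWS\\prabjnbr.exe',
    r'O4 - HKLM\..\Run: [Zq9dLe3] C:\WINDOWS\prabjnbr.exe',
    r'O4 - HKLM\..\Run: [durmvufi] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\durmvufi.dll"',
    r'O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe',
    r'O4 - HKLM\..\Policies\Explorer\Run: [aAFgPd1P3X] rundll32.exe "C:\WINDOWS\system32\ndaTqsVqrX.dll",DllCleanServer',
    r'O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)',
    r'O20 - Winlogon Notify: rqrspqq - rqrspqq.dll (file missing)',
])

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason}\n    {f.detail}')
    print(summarize(triage(SAMPLE_LOG)))
```

Legitimate entries such as the Adobe BHO and IgfxTray produce no finding, so the output is a shortlist to look at by hand, not a verdict.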


Offline omal

For guestolo
« Reply #4 on: November 05, 2008, 01:37:07 AM »
That's a lot of stuff, God, I'm not sure how you found out about all that, I feel insecure :(. And as for following instructions, I deemed it unnecessary to save it to my desktop (still wondering how you figured out that I didn't) as I already got the two documents you wanted.

Lots to do, will post when finished.

Offline guestolo

For guestolo
« Reply #5 on: November 05, 2008, 01:42:13 AM »
Well, I'm off to bed soon, so do what you can from the above
Post back any info you can supply afterwards
I'll check the logs as soon as I can



Offline omal

For guestolo
« Reply #6 on: November 05, 2008, 01:43:28 AM »
Thanks for your help, I just didn't want all my posts to be all informative and nothing social :).

Offline omal

For guestolo
« Reply #7 on: November 05, 2008, 07:37:09 PM »
Okay, I'm having problems with the combofix.exe file, but I have only tried it once, I'll try again. Also, two identical files named "dumprep.exe" are (I think) running a program called "Microsoft Installer" that tries to download games to my computer, however, it takes a long time to close and, before the files disappear, take up a LOT of CPU.

Thanks for all your help.

Offline guestolo

For guestolo
« Reply #8 on: November 05, 2008, 07:38:47 PM »
Quote
Do what you can and post back what logs you're able



Offline omal

For guestolo
« Reply #9 on: November 05, 2008, 07:40:15 PM »
I'm just keeping you updated. :(

Offline guestolo

For guestolo
« Reply #10 on: November 05, 2008, 08:14:54 PM »
Quote from: omal on Nov 5 2008, 04:40 PM
I'm just keeping you updated. :(

That's ok, you can keep me informed if you like, I just want to ensure you do as much as you can



Offline omal

For guestolo
« Reply #11 on: November 05, 2008, 10:18:50 PM »
MBAM Log


Malwarebytes' Anti-Malware 1.30
Database version: 1368
Windows 5.1.2600 Service Pack 2

2008-11-05 22:10:36
mbam-log-2008-11-05 (22-10-36).txt

Scan type: Quick Scan
Objects scanned: 56331
Time elapsed: 22 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 81

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3c1a06cc-3981-4db9-b5b6-b4b8ecb1d7f2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9387eaa3-66dc-4da5-b40b-c9d080d6f818} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9cddfbc2-8dc8-4f01-9143-9685d6e16dfc} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc9aa028-d639-442f-b97d-a2dad8f293a2} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MsSC2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\wowrlegl (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wowrlegl\bg1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\bgtop.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\bottom1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\essentials.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\icon1.ico (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\install1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\left1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\li.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\logo.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\main.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\mainframe.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\reinstall1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\right1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\s1.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\s2.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\s3.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop3.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\SMTop4.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft1_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft2_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\soft3_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softbottom_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softbottom_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softleft_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\softleft_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\top1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\top2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\turnoff1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowrlegl\turnon1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\bg1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\bgtop.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\bottom1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\essentials.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\icon1.ico (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\install1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\left1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\li.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\logo.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\main.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\mainframe.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\reinstall1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\right1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\s1.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\s2.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\s3.htm (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop3.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\SMTop4.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft1_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft2_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_off_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\soft3_on_ext.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softbottom_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softbottom_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softleft_off.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\softleft_on.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\top1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\top2.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\turnoff1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okqipwgf\turnon1.gif (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\SpamBlockerUtility.inf (Adware.Hotbar) -> Quarantined and deleted successfully.

Offline omal

For guestolo
« Reply #12 on: November 05, 2008, 10:21:18 PM »
Fresh HijackThis Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19, on 2008-11-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wowway.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.16.0.49\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.16.0.49\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: PI Monitor.lnk = C:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://download.bleepingcomputer.com
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version4/w...en/AMClient.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://download2.citrix.com/FILES/en/produ...rent/ica32t.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_2.ocx
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126907207156
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 11140 bytes

Offline omal

For guestolo
« Reply #13 on: November 05, 2008, 10:22:54 PM »
I was able to do everything, including the ComboFix scan, but I couldn't get a log to save for ComboFix. I have a screenshot showing what it says if you want to see it.

Offline guestolo

For guestolo
« Reply #14 on: November 05, 2008, 10:29:56 PM »
Can you check the following location for a log

C:\Combofix.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline omal

For guestolo
« Reply #15 on: November 05, 2008, 10:43:39 PM »
I am afraid I couldn't find it. Here is a picture of the message I received when I should've received my log.


Offline guestolo

For guestolo
« Reply #16 on: November 05, 2008, 10:53:24 PM »
After you saw that message, did you wait for the log to open?
Or did you close ComboFix right away?

Can you try the following:
Ensure Windows Defender is still disabled.

Also, can you:
delete your copy of ComboFix and try downloading a fresh copy;

disable Norton AntiVirus till ComboFix has run in its entirety.

Try running it again and see if you can get a log.
Give it a bit of time to produce the log if you see that message again, about 10 minutes at most.
« Last Edit: November 05, 2008, 10:54:20 PM by guestolo »



Offline omal

For guestolo
« Reply #17 on: November 05, 2008, 10:59:31 PM »
Will do, right now.

Offline omal

For guestolo
« Reply #18 on: November 05, 2008, 11:32:02 PM »
You always know what to do. :D

ComboFix Log


ComboFix 08-11-04.02 - Owner 2008-11-05 23:08:47.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.168 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Common Files\uninstall information
c:\program files\oemji
c:\program files\SecCenter
c:\program files\SideFind
c:\program files\Video Add-on
c:\windows\Casino.ico
c:\windows\cookies.ini
c:\windows\Free Online Dating.ico
c:\windows\IE4 Error Log.txt
c:\windows\PerfInfo
c:\windows\PerfInfo\aAFgPd1P3Xuc.exe
c:\windows\PerfInfo\aAFgPd1P3Xud.exe
c:\windows\ppqvmpqr
c:\windows\ppqvmpqr\1.png
c:\windows\ppqvmpqr\2.png
c:\windows\ppqvmpqr\3.png
c:\windows\ppqvmpqr\4.png
c:\windows\ppqvmpqr\5.png
c:\windows\ppqvmpqr\6.png
c:\windows\ppqvmpqr\bottom-rc.gif
c:\windows\ppqvmpqr\content.png
c:\windows\ppqvmpqr\download.gif
c:\windows\ppqvmpqr\frame-bottom-left.gif
c:\windows\ppqvmpqr\frame-h1bg.gif
c:\windows\ppqvmpqr\head.png
c:\windows\ppqvmpqr\indexuc.html
c:\windows\ppqvmpqr\indexud.html
c:\windows\ppqvmpqr\main.css
c:\windows\ppqvmpqr\net.png
c:\windows\ppqvmpqr\pc-mag.gif
c:\windows\ppqvmpqr\pc.gif
c:\windows\ppqvmpqr\poloska1.png
c:\windows\ppqvmpqr\poloska2.png
c:\windows\ppqvmpqr\poloska3.png
c:\windows\ppqvmpqr\promouc1.html
c:\windows\ppqvmpqr\promouc2.html
c:\windows\ppqvmpqr\promouc3.html
c:\windows\ppqvmpqr\promouc4.html
c:\windows\ppqvmpqr\promouc5.html
c:\windows\ppqvmpqr\promoud1.html
c:\windows\ppqvmpqr\promoud2.html
c:\windows\ppqvmpqr\promoud3.html
c:\windows\ppqvmpqr\promoud4.html
c:\windows\ppqvmpqr\promoud5.html
c:\windows\ppqvmpqr\reg.png
c:\windows\ppqvmpqr\repair.png
c:\windows\ppqvmpqr\scr-1.png
c:\windows\ppqvmpqr\scr-2.png
c:\windows\ppqvmpqr\styles.css
c:\windows\ppqvmpqr\top-rc.gif
c:\windows\ppqvmpqr\vline.gif
c:\windows\Spyware Remover.ico
c:\windows\system32\ahomsoph.ini
c:\windows\system32\ajpypjqi.ini
c:\windows\system32\anxerknx.ini
c:\windows\system32\anyimomx.ini
c:\windows\system32\bbhwgcfy.ini
c:\windows\system32\bejixwqe.ini
c:\windows\system32\bhjeyutl.ini
c:\windows\system32\bhvkjwai.ini
c:\windows\system32\bqfuguax.ini
c:\windows\system32\brjdhhrp.ini
c:\windows\system32\bwqdiqrl.ini
c:\windows\system32\bxgudjfj.ini
c:\windows\system32\carvwxck.ini
c:\windows\system32\ccyhvotr.ini
c:\windows\system32\cdeeg.bak1
c:\windows\system32\cdeeg.bak2
c:\windows\system32\cdeeg.ini
c:\windows\system32\cdeeg.ini2
c:\windows\system32\cdeeg.tmp
c:\windows\system32\ceiadoof.ini
c:\windows\system32\chahwttl.ini
c:\windows\system32\cknrxxfn.ini
c:\windows\system32\coikupyl.ini
c:\windows\system32\config\systemprofile\Application Data\SpamBlockerUtility
c:\windows\system32\coygqbfl.ini
c:\windows\system32\cvrxcuse.ini
c:\windows\system32\dgpihykj.ini
c:\windows\system32\diokravp.ini
c:\windows\system32\dlrafrga.ini
c:\windows\system32\dmjlqcgs.ini
c:\windows\system32\dnyieaaj.ini
c:\windows\system32\docpegif.ini
c:\windows\system32\doevlgyi.ini
c:\windows\system32\ekkavbym.ini
c:\windows\system32\enaavlny.ini
c:\windows\system32\esxsutrd.ini
c:\windows\system32\etfnwsmb.ini
c:\windows\system32\euvnyfkr.ini
c:\windows\system32\fcwrcckm.ini
c:\windows\system32\fefodmqu.ini
c:\windows\system32\ffmuelim.ini
c:\windows\system32\fgpusilp.ini
c:\windows\system32\fomrmlep.ini
c:\windows\system32\fougkynp.ini
c:\windows\system32\fsbkfovf.ini
c:\windows\system32\gbbuxqoy.ini
c:\windows\system32\gbfjncal.ini
c:\windows\system32\ghijvsrc.ini
c:\windows\system32\glgttwtc.ini
c:\windows\system32\gqptvxaw.ini
c:\windows\system32\grghsjbe.ini
c:\windows\system32\gtrgmeyv.ini
c:\windows\system32\hdxkhtey.ini
c:\windows\system32\hdycgtqt.ini
c:\windows\system32\hivlbtav.ini
c:\windows\system32\hmdejtql.ini
c:\windows\system32\horuahqy.ini
c:\windows\system32\hpbfkcnv.ini
c:\windows\system32\hxgkrvhr.ini
c:\windows\system32\ialxondx.ini
c:\windows\system32\iehycnxp.ini
c:\windows\system32\ilcpscuo.ini
c:\windows\system32\inrairdc.ini
c:\windows\system32\instsrv.exe
c:\windows\system32\iwbvvpfe.ini
c:\windows\system32\iyftlokh.ini
c:\windows\system32\jaidtrgw.ini
c:\windows\system32\jalpcvoy.ini
c:\windows\system32\jcdqcijr.ini
c:\windows\system32\jimjykpg.ini
c:\windows\system32\jknkbsrs.ini
c:\windows\system32\jqbttrtr.ini
c:\windows\system32\juvprpba
c:\windows\system32\juvprpba\bg1.gif
c:\windows\system32\juvprpba\bgtop.gif
c:\windows\system32\juvprpba\bottom1.gif
c:\windows\system32\juvprpba\essentials.gif
c:\windows\system32\juvprpba\icon1.ico
c:\windows\system32\juvprpba\install1.gif
c:\windows\system32\juvprpba\left1.gif
c:\windows\system32\juvprpba\li.gif
c:\windows\system32\juvprpba\logo.gif
c:\windows\system32\juvprpba\main.htm
c:\windows\system32\juvprpba\mainframe.htm
c:\windows\system32\juvprpba\reinstall1.gif
c:\windows\system32\juvprpba\right1.gif
c:\windows\system32\juvprpba\s1.htm
c:\windows\system32\juvprpba\s2.htm
c:\windows\system32\juvprpba\s3.htm
c:\windows\system32\juvprpba\SMTop1.gif
c:\windows\system32\juvprpba\SMTop2.gif
c:\windows\system32\juvprpba\SMTop3.gif
c:\windows\system32\juvprpba\SMTop4.gif
c:\windows\system32\juvprpba\soft1_off.gif
c:\windows\system32\juvprpba\soft1_off_ext.gif
c:\windows\system32\juvprpba\soft1_on.gif
c:\windows\system32\juvprpba\soft1_on_ext.gif
c:\windows\system32\juvprpba\soft2_off.gif
c:\windows\system32\juvprpba\soft2_off_ext.gif
c:\windows\system32\juvprpba\soft2_on.gif
c:\windows\system32\juvprpba\soft2_on_ext.gif
c:\windows\system32\juvprpba\soft3_off.gif
c:\windows\system32\juvprpba\soft3_off_ext.gif
c:\windows\system32\juvprpba\soft3_on.gif
c:\windows\system32\juvprpba\soft3_on_ext.gif
c:\windows\system32\juvprpba\softbottom_off.gif
c:\windows\system32\juvprpba\softbottom_on.gif
c:\windows\system32\juvprpba\softleft_off.gif
c:\windows\system32\juvprpba\softleft_on.gif
c:\windows\system32\juvprpba\top1.gif
c:\windows\system32\juvprpba\top2.gif
c:\windows\system32\juvprpba\turnoff1.gif
c:\windows\system32\juvprpba\turnon1.gif
c:\windows\system32\jvsqsnto.ini
c:\windows\system32\kbldkvfs.ini
c:\windows\system32\kdoujikd.ini
c:\windows\system32\kerpocpl.ini
c:\windows\system32\khcygwdn.ini
c:\windows\system32\kifsvivp.ini
c:\windows\system32\kytcbmrq.ini
c:\windows\system32\lglpidua.ini
c:\windows\system32\lijtfftp.ini
c:\windows\system32\lorcpthw.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mhjfplnf.ini
c:\windows\system32\mhjuqooi.ini
c:\windows\system32\mkhktigo.ini
c:\windows\system32\mmfcywqi.ini
c:\windows\system32\mnsqtvmi.ini
c:\windows\system32\mocmigcw.ini
c:\windows\system32\mpgkqgon.ini
c:\windows\system32\mqssuuwq.ini
c:\windows\system32\mvwocjjf.ini
c:\windows\system32\mwxqyrcs.ini
c:\windows\system32\mydpkrmk.ini
c:\windows\system32\nhiygvii.ini
c:\windows\system32\njprckha
c:\windows\system32\njprckha\bg1.gif
c:\windows\system32\njprckha\bgtop.gif
c:\windows\system32\njprckha\bottom1.gif
c:\windows\system32\njprckha\essentials.gif
c:\windows\system32\njprckha\icon1.ico
c:\windows\system32\njprckha\install1.gif
c:\windows\system32\njprckha\left1.gif
c:\windows\system32\njprckha\li.gif
c:\windows\system32\njprckha\logo.gif
c:\windows\system32\njprckha\main.htm
c:\windows\system32\njprckha\mainframe.htm
c:\windows\system32\njprckha\reinstall1.gif
c:\windows\system32\njprckha\right1.gif
c:\windows\system32\njprckha\s1.htm
c:\windows\system32\njprckha\s2.htm
c:\windows\system32\njprckha\s3.htm
c:\windows\system32\njprckha\SMTop1.gif
c:\windows\system32\njprckha\SMTop2.gif
c:\windows\system32\njprckha\SMTop3.gif
c:\windows\system32\njprckha\SMTop4.gif
c:\windows\system32\njprckha\soft1_off.gif
c:\windows\system32\njprckha\soft1_off_ext.gif
c:\windows\system32\njprckha\soft1_on.gif
c:\windows\system32\njprckha\soft1_on_ext.gif
c:\windows\system32\njprckha\soft2_off.gif
c:\windows\system32\njprckha\soft2_off_ext.gif
c:\windows\system32\njprckha\soft2_on.gif
c:\windows\system32\njprckha\soft2_on_ext.gif
c:\windows\system32\njprckha\soft3_off.gif
c:\windows\system32\njprckha\soft3_off_ext.gif
c:\windows\system32\njprckha\soft3_on.gif
c:\windows\system32\njprckha\soft3_on_ext.gif
c:\windows\system32\njprckha\softbottom_off.gif
c:\windows\system32\njprckha\softbottom_on.gif
c:\windows\system32\njprckha\softleft_off.gif
c:\windows\system32\njprckha\softleft_on.gif
c:\windows\system32\njprckha\top1.gif
c:\windows\system32\njprckha\top2.gif
c:\windows\system32\njprckha\turnoff1.gif
c:\windows\system32\njprckha\turnon1.gif
c:\windows\system32\njvbtmsr.ini
c:\windows\system32\nkhnfors.ini
c:\windows\system32\nt68rrtc12.sys
c:\windows\system32\ntdpsgak.ini
c:\windows\system32\ntenpabt.ini
c:\windows\system32\nuinopsd
c:\windows\system32\nuinopsd\bg1.gif
c:\windows\system32\nuinopsd\bgtop.gif
c:\windows\system32\nuinopsd\bottom1.gif
c:\windows\system32\nuinopsd\essentials.gif
c:\windows\system32\nuinopsd\icon1.ico
c:\windows\system32\nuinopsd\install1.gif
c:\windows\system32\nuinopsd\left1.gif
c:\windows\system32\nuinopsd\li.gif
c:\windows\system32\nuinopsd\logo.gif
c:\windows\system32\nuinopsd\main.htm
c:\windows\system32\nuinopsd\mainframe.htm
c:\windows\system32\nuinopsd\nuinopsd3.exe
c:\windows\system32\nuinopsd\reinstall1.gif
c:\windows\system32\nuinopsd\right1.gif
c:\windows\system32\nuinopsd\s1.htm
c:\windows\system32\nuinopsd\s2.htm
c:\windows\system32\nuinopsd\s3.htm
c:\windows\system32\nuinopsd\SMTop1.gif
c:\windows\system32\nuinopsd\SMTop2.gif
c:\windows\system32\nuinopsd\SMTop3.gif
c:\windows\system32\nuinopsd\SMTop4.gif
c:\windows\system32\nuinopsd\soft1_off.gif
c:\windows\system32\nuinopsd\soft1_off_ext.gif
c:\windows\system32\nuinopsd\soft1_on.gif
c:\windows\system32\nuinopsd\soft1_on_ext.gif
c:\windows\system32\nuinopsd\soft2_off.gif
c:\windows\system32\nuinopsd\soft2_off_ext.gif
c:\windows\system32\nuinopsd\soft2_on.gif
c:\windows\system32\nuinopsd\soft2_on_ext.gif
c:\windows\system32\nuinopsd\soft3_off.gif
c:\windows\system32\nuinopsd\soft3_off_ext.gif
c:\windows\system32\nuinopsd\soft3_on.gif
c:\windows\system32\nuinopsd\soft3_on_ext.gif
c:\windows\system32\nuinopsd\softbottom_off.gif
c:\windows\system32\nuinopsd\softbottom_on.gif
c:\windows\system32\nuinopsd\softleft_off.gif
c:\windows\system32\nuinopsd\softleft_on.gif
c:\windows\system32\nuinopsd\top1.gif
c:\windows\system32\nuinopsd\top2.gif
c:\windows\system32\nuinopsd\turnoff1.gif
c:\windows\system32\nuinopsd\turnon1.gif
c:\windows\system32\nwrhucfv.ini
c:\windows\system32\oflkrfyl.ini
c:\windows\system32\oioibprv.ini
c:\windows\system32\optktxmc.ini
c:\windows\system32\oqavjxac.ini
c:\windows\system32\oxjgncvb.ini
c:\windows\system32\oxrmvpcn.ini
c:\windows\system32\pffuhaha.ini
c:\windows\system32\pfjpleuu.ini
c:\windows\system32\piypxmem.ini
c:\windows\system32\psjrqshk.ini
c:\windows\system32\pvqdluac.ini
c:\windows\system32\qdachcji.ini
c:\windows\system32\qeoglkqx.ini
c:\windows\system32\rbgfmtjf.ini
c:\windows\system32\rbxjgwhl.ini
c:\windows\system32\rdicwlpo.ini
c:\windows\system32\rhepoojg.ini
c:\windows\system32\rhykwpiw.ini
c:\windows\system32\robkkprm.ini
c:\windows\system32\roddwasp.ini
c:\windows\system32\segtxmgx.ini
c:\windows\system32\shqwcsig.ini
c:\windows\system32\sikyjthp.ini
c:\windows\system32\silrmfao.ini
c:\windows\system32\sjahvbyb.ini
c:\windows\system32\skrbyipy.ini
c:\windows\system32\skrobpfd.ini
c:\windows\system32\slanrbwv.ini
c:\windows\system32\sliwhqog.ini
c:\windows\system32\sluoyuvb.ini
c:\windows\system32\smmbklpk.ini
c:\windows\system32\sstediwj.ini
c:\windows\system32\supygvpd.ini
c:\windows\system32\swinekkk.ini
c:\windows\system32\swiodouo.ini
c:\windows\system32\sxersksm.ini
c:\windows\system32\tbisvmxh.ini
c:\windows\system32\tfipdiwu.ini
c:\windows\system32\tjccryhu.ini
c:\windows\system32\tnajlmud.ini
c:\windows\system32\tybpkkgb.ini
c:\windows\system32\tykupole.ini
c:\windows\system32\tymnefve.ini
c:\windows\system32\ucevoufh.ini
c:\windows\system32\ugkhxvhe.ini
c:\windows\system32\ugvfdfdn.ini
c:\windows\system32\uhryefwa.ini
c:\windows\system32\uqghaswj.ini
c:\windows\system32\uqnrvave.ini
c:\windows\system32\uxiassui.ini
c:\windows\system32\vbmhjkkb.ini
c:\windows\system32\vbwypsil.ini
c:\windows\system32\vdnqsrgx.ini
c:\windows\system32\vghaggtm.ini
c:\windows\system32\vxsuaxwq.ini
c:\windows\system32\vybsnqmv.ini
c:\windows\system32\warwytvn.ini
c:\windows\system32\wwiqbnup.ini
c:\windows\system32\xitkcxep.ini
c:\windows\system32\xjchxxer.ini
c:\windows\system32\xqortocn.ini
c:\windows\system32\xsdgdyun.ini
c:\windows\system32\xsiipmin.ini
c:\windows\system32\xsxboqbw.ini
c:\windows\system32\xvvslkgf.ini
c:\windows\system32\xxwiedca.ini
c:\windows\system32\ydchiowo.ini
c:\windows\system32\yiccutgf.ini
c:\windows\system32\yiqghqbw.ini
c:\windows\system32\yjrrbkwi.ini
c:\windows\system32\yrvoiyji.ini
c:\windows\system32\yybogtsb.ini
c:\windows\system32\yyhhtobj.ini
D:\Autorun.inf


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.


-------\Legacy_ZESOFT


(((((((((((((((((((((((((   Files Created from 2008-10-06 to 2008-11-06  )))))))))))))))))))))))))))))))
.

2008-11-05 20:30 . 2008-11-05 20:30 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-11-05 20:29 . 2008-11-05 20:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 20:29 . 2008-11-05 20:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-05 20:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 20:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 00:33 . 2008-11-05 00:34 <DIR> d-------- C:\rsit
2008-11-04 23:41 . 2008-11-04 23:41 <DIR> d-------- c:\program files\Trend Micro
2008-11-03 20:46 . 2008-11-03 23:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\U3
2008-10-25 23:03 . 2008-10-25 23:03 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-25 23:03 . 2008-10-25 23:03 1,409 --a------ c:\windows\QTFont.for
2008-10-15 06:40 . 2008-10-15 06:40 <DIR> d-------- c:\program files\Symantec
2008-10-15 06:40 . 2008-10-15 06:40 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-10-15 06:40 . 2008-10-15 06:40 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-10-15 06:40 . 2008-10-15 06:39 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-10-15 06:39 . 2008-10-15 06:39 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-10-15 06:38 . 2008-10-15 06:38 <DIR> d-------- c:\program files\Norton AntiVirus
2008-10-15 06:24 . 2008-10-15 06:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-10-15 06:24 . 2008-10-15 06:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-10-15 06:23 . 2008-10-15 06:23 <DIR> d-------- c:\program files\NortonInstaller
2008-10-15 06:23 . 2008-10-15 06:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 00:25 --------- d-----w c:\program files\Plaxo
2008-11-05 07:12 --------- d-----w c:\program files\WildTangent
2008-11-05 07:10 --------- d-----w c:\program files\Viewpoint
2008-11-05 07:10 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-05 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-03 21:28 --------- d-----w c:\program files\Phun
2008-11-03 21:26 --------- d-----w c:\program files\Google
2008-11-02 01:28 30 ----a-w c:\documents and settings\Owner\jagex_runescape_preferences.dat
2008-10-15 12:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-15 11:40 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-10-15 11:40 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-10-06 06:01 --------- d-----w c:\program files\DivX
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-11 22:27 --------- d-----w c:\program files\IGZones
2008-09-07 17:18 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-09-07 09:53 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-09-07 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-09-07 09:38 --------- d-----w c:\program files\Yahoo!
2008-08-20 05:33 667,648 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
2004-04-21 00:46 56 --sh--r c:\windows\system32\32B637D536.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-11-05_ 3.22.36.98   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-06 00:25:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e4.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 200767]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [BU]
"PlaxoUpdate"="c:\program files\Plaxo\3.16.0.49\PlaxoHelper_en.exe" [2008-10-04 369223]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"PlaxoSysTray"="c:\program files\Plaxo\3.16.0.49\PlaxoSysTray.exe" [2008-10-04 20480]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"NVIEW"="nview.dll" [2003-05-03 c:\windows\system32\nview.dll]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-07 27136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-07-26 552960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-07-24 16384]
PI Monitor.lnk - c:\program files\ArcSoft\PhotoImpression 5\PI Monitor.exe [2006-02-16 86016]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-09-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 05:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Online Services\\AOL80US\\InstallEmail Removedexe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\cwsgcutz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 23:15:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-11-05 23:28:30
ComboFix-quarantined-files.txt  2008-11-06 04:26:58

Pre-Run: 69,525,766,144 bytes free
Post-Run: 69,530,775,552 bytes free

509 --- E O F --- 2008-11-05 11:53:40

Offline guestolo

For guestolo
« Reply #19 on: November 05, 2008, 11:42:33 PM »
How are things running on your end now?
