Full Version: Htepo.com Has Grabbed My Computer!
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
rvbeaumont
Boy, has this been a week! Here's a log from ComboFix. I have now added Stinger, Ad-Aware 2007, VundoFix, RegCure, Spybot 15, HJT, XoftSpy, Spybot Search and Destroy. Way too much, and still have it. Have removed IE as browser, and have reinstalled it, and Java. Here's the log:
ComboFix 07-11-08.1 - HP_Owner 2007-11-15 16:03:59.9 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\My Documents\mozilla downloads\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\usysykju.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure
2007-11-15 15:09 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-15 15:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-15 14:30 <DIR> d-------- C:\Program Files\Viewpoint
2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-15 01:32 144,480 --a------ C:\WINDOWS\system32\usysykju.dll
2007-11-15 01:32 144,480 --a--c--- C:\WINDOWS\system32\criktbeb.dll
2007-11-15 01:29 71,232 --a--c--- C:\WINDOWS\system32\qnggmrfw.exe
2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 02:21 37,376 --a------ C:\WINDOWS\system32\nnnnkkk.dll
2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-14 01:47 <DIR> d----c--- C:\VundoFix Backups
2007-11-13 22:43 37,376 --a------ C:\WINDOWS\system32\khfcdba.dll
2007-11-13 22:43 336 --a------ C:\WINDOWS\17PHolmes1188.exe
2007-11-13 22:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 20:24 144,480 --a--c--- C:\WINDOWS\system32\aipbnwrm.dll
2007-11-13 20:21 85,056 --a--c--- C:\WINDOWS\system32\bwnknnrh.dll
2007-11-13 20:18 80,448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll
2007-11-13 20:12 71,232 --a--c--- C:\WINDOWS\system32\eoxejuqf.exe
2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iTunes
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod
2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Roxio
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Remove Empty Directories
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Maxis
2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Disney
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Cosmi
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Clipmarks
2007-11-13 02:23 <DIR> d-------- C:\Program Files\BaDoink
2007-11-13 02:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:22 <DIR> d-------- C:\Program Files\Viewpoint(3)
2007-11-13 02:22 <DIR> d-------- C:\Program Files\Tencent
2007-11-13 02:22 <DIR> d-------- C:\Program Files\MySpace
2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:22 <DIR> d-------- C:\audio
2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-10 13:33 <DIR> d-------- C:\Program Files\AGEIA Technologies(2)
2007-11-09 19:19 <DIR> d-------- C:\Program Files\Aspyr
2007-11-09 15:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-08 23:09 134 --a--c--- C:\n.bat
2007-11-08 23:08 35,328 --a------ C:\WINDOWS\system32\yayxutq.dll
2007-11-08 23:08 0 --a--c--- C:\z.dat
2007-11-08 23:08 0 --a--c--- C:\x.dat
2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 15:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-07 15:42 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-11-07 15:42 <DIR> d-------- C:\Program Files\GameSpy
2007-11-07 15:42 <DIR> d-------- C:\Program Files\Firaxis Games
2007-11-07 15:42 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-11-07 15:41 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-07 15:41 <DIR> d-------- C:\Program Files\VstPlugins
2007-11-07 15:41 <DIR> d-------- C:\Program Files\UltraISO
2007-11-07 15:41 <DIR> d-------- C:\Program Files\Symantec
2007-11-07 15:41 <DIR> d-------- C:\Program Files\SoundSpectrum
2007-11-07 15:41 <DIR> d-------- C:\Program Files\SD EnterNET
2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-30 01:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-29 01:58 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 01:58 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-29 01:58 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-10-29 01:58 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-10-25 02:25 <DIR> d-------- C:\Program Files\MSECache
2007-10-25 02:05 <DIR> d-------- C:\Program Files\Download Manager
2007-10-24 01:58 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-10-24 01:58 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2007-10-24 01:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-23 18:22 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe
2007-10-23 18:22 77,890 --a------ C:\WINDOWS\system32\FTLang.dll
2007-10-23 18:22 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-10-23 18:22 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-10-23 18:22 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-20 02:30 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-10-20 01:36 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-10-20 01:36 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-10-20 01:36 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-10-20 01:36 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-10-20 01:35 <DIR> d-------- C:\Program Files\coolpro2
2007-10-19 19:01 <DIR> d-------- C:\Program Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 20:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 20:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-15 06:41 --------- d-----w C:\Program Files\Google
2007-11-14 07:28 --------- d-----w C:\Program Files\Trend Micro
2007-11-14 03:07 --------- d-----w C:\Program Files\Java
2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 07:32 --------- d-----w C:\Program Files\Microsoft Games
2007-11-13 07:23 --------- d-----w C:\Program Files\QuickTime
2007-11-13 07:23 --------- d-----w C:\Program Files\LimeWire
2007-11-12 01:31 9,046 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual
2007-11-10 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 23:12 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-07 20:42 --------- d-----w C:\Program Files\HPQ
2007-11-07 19:22 --------- d-----w C:\Program Files\Yahoo!
2007-11-07 19:22 --------- d-----w C:\Program Files\Support.com
2007-11-07 19:21 --------- d-----w C:\Program Files\Real
2007-11-07 19:21 --------- d-----w C:\Program Files\Online Backup
2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Toolbar Suite
2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-07 19:21 --------- d-----w C:\Program Files\ICOO Loader
2007-11-07 19:20 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic
2007-10-24 06:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 22:05 --------- d-----w C:\Program Files\AskTBar
2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint
2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup
2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail
2007-10-19 05:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Intuit
2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Real
2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0
2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-19 04:40 --------- d-----w C:\Program Files\HP
2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N10390900_Z11C1048C_G10396330.MRK
2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots
2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody
2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth
2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG
2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth
2007-10-19 00:04 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-10-17 18:12 --------- d-----w C:\Program Files\DFX
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 08:43 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool
2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-17 05:37 --------- d-----w C:\Program Files\web-radio
2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-11 19:08 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-10-10 16:50 --------- d-----w C:\Program Files\ACNielsen
2007-10-06 17:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 08:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-09-29 19:48 --------- dc----w C:\Documents and Settings\All Users\Application Data\DFX
2007-09-28 18:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Babylon
2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-01-10 17:15 839,684 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-01-10 17:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe
2006-11-12 18:42 0 ----a-w C:\Program Files\Common Files\err.log
2006-09-19 18:10 1 -c--a-w C:\Documents and Settings\HP_Owner\SI.bin
2006-05-10 18:26 299 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\internaldb1942.dat
2006-01-26 20:53 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-10 17:15:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe
2005-11-15 21:39:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-15 01:32 144480 --a------ C:\WINDOWS\system32\usysykju.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d91edfd0-519c-4707-8869-95221c3f4bc3}]
2007-11-13 20:18 80448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\usysykju.dll [2007-11-15 01:32 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\usysykju.dll [2007-11-15 01:32 144480]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-05 01:54 C:\WINDOWS\system32\SiSPower.dll]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2005-08-31 13:14]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-18 21:47]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]
"AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-14 12:32]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju]
usysykju.dll 2007-11-15 01:32 144480 C:\WINDOWS\system32\usysykju.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnno.dll

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 19:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-03 03:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-12 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-09 21:45:01 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-11-15 21:15:20 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-15 20:35:48 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-15 21:17:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-15 21:15:21 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-15 19:06:20 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 16:15:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 16:22:04 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-15 13:19
C:\ComboFix3.txt ... 2007-11-15 12:54
.
--- E O F ---
rvbeaumont
And it happened again! I have IncrediMail, could that be infected? Here's the latest log:

ComboFix 07-11-08.1 - HP_Owner 2007-11-15 18:09:22.10 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\My Documents\mozilla downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\usysykju.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 17:11 <DIR> d-------- C:\Program Files\Viewpoint
2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure
2007-11-15 15:09 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-15 15:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-15 01:32 144,480 --a--c--- C:\WINDOWS\system32\criktbeb.dll
2007-11-15 01:29 71,232 --a--c--- C:\WINDOWS\system32\qnggmrfw.exe
2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 02:21 37,376 --a------ C:\WINDOWS\system32\nnnnkkk.dll
2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-14 01:47 <DIR> d----c--- C:\VundoFix Backups
2007-11-13 22:43 37,376 --a------ C:\WINDOWS\system32\khfcdba.dll
2007-11-13 22:43 336 --a------ C:\WINDOWS\17PHolmes1188.exe
2007-11-13 22:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 20:24 144,480 --a--c--- C:\WINDOWS\system32\aipbnwrm.dll
2007-11-13 20:21 85,056 --a--c--- C:\WINDOWS\system32\bwnknnrh.dll
2007-11-13 20:18 80,448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll
2007-11-13 20:12 71,232 --a--c--- C:\WINDOWS\system32\eoxejuqf.exe
2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iTunes
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod
2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Roxio
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Remove Empty Directories
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Maxis
2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Disney
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Cosmi
2007-11-13 02:23 <DIR> d-------- C:\Program Files\Clipmarks
2007-11-13 02:23 <DIR> d-------- C:\Program Files\BaDoink
2007-11-13 02:23 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:22 <DIR> d-------- C:\Program Files\Viewpoint(3)
2007-11-13 02:22 <DIR> d-------- C:\Program Files\Tencent
2007-11-13 02:22 <DIR> d-------- C:\Program Files\MySpace
2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:22 <DIR> d-------- C:\audio
2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-10 13:33 <DIR> d-------- C:\Program Files\AGEIA Technologies(2)
2007-11-09 19:19 <DIR> d-------- C:\Program Files\Aspyr
2007-11-09 15:18 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-08 23:09 134 --a--c--- C:\n.bat
2007-11-08 23:08 35,328 --a------ C:\WINDOWS\system32\yayxutq.dll
2007-11-08 23:08 0 --a--c--- C:\z.dat
2007-11-08 23:08 0 --a--c--- C:\x.dat
2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 15:42 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-07 15:42 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-11-07 15:42 <DIR> d-------- C:\Program Files\GameSpy
2007-11-07 15:42 <DIR> d-------- C:\Program Files\Firaxis Games
2007-11-07 15:42 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-11-07 15:41 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-11-07 15:41 <DIR> d-------- C:\Program Files\VstPlugins
2007-11-07 15:41 <DIR> d-------- C:\Program Files\UltraISO
2007-11-07 15:41 <DIR> d-------- C:\Program Files\Symantec
2007-11-07 15:41 <DIR> d-------- C:\Program Files\SoundSpectrum
2007-11-07 15:41 <DIR> d-------- C:\Program Files\SD EnterNET
2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-30 01:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-29 01:58 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 01:58 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-29 01:58 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-10-29 01:58 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-10-25 02:25 <DIR> d-------- C:\Program Files\MSECache
2007-10-25 02:05 <DIR> d-------- C:\Program Files\Download Manager
2007-10-24 01:58 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-10-24 01:58 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2007-10-24 01:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-23 18:22 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe
2007-10-23 18:22 77,890 --a------ C:\WINDOWS\system32\FTLang.dll
2007-10-23 18:22 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-10-23 18:22 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-10-23 18:22 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-20 02:30 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-10-20 01:36 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-10-20 01:36 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-10-20 01:36 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-10-20 01:36 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-10-20 01:35 <DIR> d-------- C:\Program Files\coolpro2
2007-10-19 19:01 <DIR> d-------- C:\Program Files\Nero
2007-10-19 19:01 <DIR> d-------- C:\Program Files\Common Files\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro
2007-11-15 20:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-15 20:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-15 06:41 --------- d-----w C:\Program Files\Google
2007-11-14 03:07 --------- d-----w C:\Program Files\Java
2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 07:32 --------- d-----w C:\Program Files\Microsoft Games
2007-11-13 07:23 --------- d-----w C:\Program Files\QuickTime
2007-11-13 07:23 --------- d-----w C:\Program Files\LimeWire
2007-11-12 01:31 9,046 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual
2007-11-10 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-09 23:12 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-07 20:42 --------- d-----w C:\Program Files\HPQ
2007-11-07 19:22 --------- d-----w C:\Program Files\Yahoo!
2007-11-07 19:22 --------- d-----w C:\Program Files\Support.com
2007-11-07 19:21 --------- d-----w C:\Program Files\Real
2007-11-07 19:21 --------- d-----w C:\Program Files\Online Backup
2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Toolbar Suite
2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 19:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-07 19:21 --------- d-----w C:\Program Files\ICOO Loader
2007-11-07 19:20 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic
2007-10-24 06:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 22:05 --------- d-----w C:\Program Files\AskTBar
2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint
2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup
2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail
2007-10-19 05:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Intuit
2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Real
2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0
2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-19 04:40 --------- d-----w C:\Program Files\HP
2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N10390900_Z11C1048C_G10396330.MRK
2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots
2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody
2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth
2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG
2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth
2007-10-19 00:04 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-10-17 18:12 --------- d-----w C:\Program Files\DFX
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 08:43 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool
2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-17 05:37 --------- d-----w C:\Program Files\web-radio
2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-10-11 19:08 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-10-10 16:50 --------- d-----w C:\Program Files\ACNielsen
2007-10-06 17:11 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 08:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-09-29 19:48 --------- dc----w C:\Documents and Settings\All Users\Application Data\DFX
2007-09-28 18:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Babylon
2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-01-10 17:15 839,684 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-01-10 17:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe
2006-11-12 18:42 0 ----a-w C:\Program Files\Common Files\err.log
2006-09-19 18:10 1 -c--a-w C:\Documents and Settings\HP_Owner\SI.bin
2006-05-10 18:26 299 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\internaldb1942.dat
2006-01-26 20:53 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-01-10 17:15:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe
2005-11-15 21:39:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d91edfd0-519c-4707-8869-95221c3f4bc3}]
2007-11-13 20:18 80448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-05 01:54 C:\WINDOWS\system32\SiSPower.dll]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07]
"tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2005-08-31 13:14]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-18 21:47]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57]
"AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-14 12:32]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB2355"=command /c del "C:\WINDOWS\system32\usysykju.dll_old"
"SpybotDeletingD5429"=cmd /c del "C:\WINDOWS\system32\usysykju.dll_old"
"SpybotDeletingB6316"=command /c del "C:\WINDOWS\system32\usysykju.dll"
"SpybotDeletingD1614"=cmd /c del "C:\WINDOWS\system32\usysykju.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA781"=command /c del "C:\WINDOWS\system32\usysykju.dll_old"
"SpybotDeletingC8533"=cmd /c del "C:\WINDOWS\system32\usysykju.dll_old"
"SpybotDeletingA9287"=command /c del "C:\WINDOWS\system32\usysykju.dll"
"SpybotDeletingC3200"=cmd /c del "C:\WINDOWS\system32\usysykju.dll"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju]
usysykju.dll

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 19:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-03 03:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-12 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-09 21:45:01 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-11-15 23:17:14 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-15 20:35:48 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-15 23:12:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-15 23:21:05 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-15 19:06:20 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 18:18:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 18:21:32 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-15 16:22
C:\ComboFix3.txt ... 2007-11-15 13:19
.
--- E O F ---
Yourhighness
Hello rvbeaumont and welcome to BleepingComputer!

Apologies for the delay. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes
rvbeaumont
It's back. Just did ComboFix and re-added Destroy; already have a great spyware tool, will run it, but here is the latest log, and it didn't take it away. Will try again and log it on again.
ComboFix 07-11-19.4 - HP_Owner 2007-11-29 1:30:56.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.405 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\My Documents\My Videos\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\c1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak2
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\j2
C:\WINDOWS\system32\j2\ppjup83122.exe
C:\WINDOWS\system32\m8
C:\WINDOWS\system32\m8\nsts2dll1.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pzvyotou.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-29 01:48 0 ---hs---- C:\WINDOWS\system32\pzvyotou.dllbox
2007-11-29 01:22 789,408 ---hs---- C:\WINDOWS\system32\kysndupv.ini
2007-11-29 01:17 144,480 --a------ C:\WINDOWS\system32\pzvyotou.dll
2007-11-29 01:16 144,480 --a--c--- C:\WINDOWS\system32\xkiuhcwh.dll
2007-11-29 01:13 77,888 --a--c--- C:\WINDOWS\system32\haecltty.dll
2007-11-29 01:11 71,232 --a--c--- C:\WINDOWS\system32\ndkttktx.exe
2007-11-27 23:26 36,864 --a------ C:\WINDOWS\system32\gebxutu.dll
2007-11-27 19:58 789,288 --ahs---- C:\WINDOWS\system32\rpddfylh.ini
2007-11-27 19:49 71,232 --a--c--- C:\WINDOWS\system32\astbfaoq.exe
2007-11-27 18:55 294 --ahs---- C:\WINDOWS\system32\lekemoub.ini
2007-11-27 12:06 78,912 --a--c--- C:\WINDOWS\system32\hggwfuxq.dll
2007-11-27 12:03 85,056 --a--c--- C:\WINDOWS\system32\lqhqyjwt.dll
2007-11-27 12:03 526 --ahs---- C:\WINDOWS\system32\twjyqhql.ini
2007-11-27 12:01 71,232 --a--c--- C:\WINDOWS\system32\hoebwqke.exe
2007-11-27 04:09 78,912 --a--c--- C:\WINDOWS\system32\ucvacjes.dll
2007-11-27 04:09 354 --ahs---- C:\WINDOWS\system32\raopqtos.ini
2007-11-27 04:08 36,864 --a------ C:\WINDOWS\system32\nnnkkjh.dll
2007-11-27 04:06 71,232 --a--c--- C:\WINDOWS\system32\amlmghtc.exe
2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 03:01 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes
2007-11-26 20:40 80,960 --a--c--- C:\WINDOWS\system32\lyrgompo.dll
2007-11-26 20:37 85,056 --a--c--- C:\WINDOWS\system32\gocqxgou.dll
2007-11-26 20:37 534 --ahs---- C:\WINDOWS\system32\uogxqcog.ini
2007-11-26 20:35 71,232 --a--c--- C:\WINDOWS\system32\ahjllxju.exe
2007-11-26 20:09 80,960 --a--c--- C:\WINDOWS\system32\tktcfhak.dll
2007-11-26 20:09 474 --ahs---- C:\WINDOWS\system32\lqhtxddv.ini
2007-11-26 20:01 71,232 --a--c--- C:\WINDOWS\system32\gnbomdsc.exe
2007-11-26 03:49 354 --ahs---- C:\WINDOWS\system32\pnevawfw.ini
2007-11-26 03:45 80,960 --a--c--- C:\WINDOWS\system32\qmckutyp.dll
2007-11-26 03:40 71,232 --a--c--- C:\WINDOWS\system32\qccvxgpq.exe
2007-11-25 14:36 79,936 --a--c--- C:\WINDOWS\system32\rnghanvc.dll
2007-11-25 14:33 85,056 --a--c--- C:\WINDOWS\system32\mgigrpgh.dll
2007-11-25 14:33 294 --ahs---- C:\WINDOWS\system32\hgprgigm.ini
2007-11-25 14:31 71,232 --a--c--- C:\WINDOWS\system32\pkjrdxeq.exe
2007-11-25 13:35 79,936 --a--c--- C:\WINDOWS\system32\ynsnofiw.dll
2007-11-25 13:29 85,056 --a--c--- C:\WINDOWS\system32\hdisunts.dll
2007-11-25 13:29 414 --ahs---- C:\WINDOWS\system32\stnusidh.ini
2007-11-25 13:28 71,232 --a--c--- C:\WINDOWS\system32\gjkqifcb.exe
2007-11-25 01:57 79,936 --a--c--- C:\WINDOWS\system32\okgnmwqk.dll
2007-11-25 01:52 354 --ahs---- C:\WINDOWS\system32\dcmwijdi.ini
2007-11-25 01:50 71,232 --a--c--- C:\WINDOWS\system32\jusuqald.exe
2007-11-24 15:01 85,056 --a--c--- C:\WINDOWS\system32\txhsordg.dll
2007-11-24 15:01 294 --ahs---- C:\WINDOWS\system32\gdroshxt.ini
2007-11-24 14:58 81,472 --a--c--- C:\WINDOWS\system32\ddxfxlrq.dll
2007-11-24 14:55 71,232 --a--c--- C:\WINDOWS\system32\hgnccvss.exe
2007-11-23 12:17 83,520 --a--c--- C:\WINDOWS\system32\squneltu.dll
2007-11-23 12:11 85,056 --a--c--- C:\WINDOWS\system32\myvborev.dll
2007-11-23 12:09 71,232 --a--c--- C:\WINDOWS\system32\datqxpxm.exe
2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-23 02:50 83,520 --a--c--- C:\WINDOWS\system32\pesuexct.dll
2007-11-23 02:42 71,232 --a--c--- C:\WINDOWS\system32\ennqbiwg.exe
2007-11-23 01:32 83,520 --a--c--- C:\WINDOWS\system32\lofpawas.dll
2007-11-23 01:29 85,056 --a--c--- C:\WINDOWS\system32\gawvyhes.dll
2007-11-23 01:29 294 --ahs---- C:\WINDOWS\system32\sehyvwag.ini
2007-11-23 01:24 71,232 --a--c--- C:\WINDOWS\system32\ikersexg.exe
2007-11-23 01:00 83,520 --a--c--- C:\WINDOWS\system32\jwycvwpy.dll
2007-11-23 00:54 85,056 --a--c--- C:\WINDOWS\system32\xlhqqrlv.dll
2007-11-23 00:52 71,232 --a--c--- C:\WINDOWS\system32\iipiulaw.exe
2007-11-22 23:51 79,936 --a--c--- C:\WINDOWS\system32\rppbtokh.dll
2007-11-22 23:48 714,650 --ahs---- C:\WINDOWS\system32\ofspjqii.ini
2007-11-22 23:48 85,056 --a--c--- C:\WINDOWS\system32\iiqjpsfo.dll
2007-11-22 23:43 71,232 --a--c--- C:\WINDOWS\system32\yskbmyoy.exe
2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire
2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-21 15:02 80,960 --a--c--- C:\WINDOWS\system32\bivsylaf.dll
2007-11-21 14:59 714,590 --ahs---- C:\WINDOWS\system32\ytxcdfwy.ini
2007-11-21 14:57 71,232 --a--c--- C:\WINDOWS\system32\mcxotbcu.exe
2007-11-21 12:58 80,960 --a--c--- C:\WINDOWS\system32\rssruhne.dll
2007-11-21 12:52 714,461 --ahs---- C:\WINDOWS\system32\jqgrnofu.ini
2007-11-21 12:51 <DIR> d-------- C:\WINDOWS\system32\rMa05yy
2007-11-21 12:51 <DIR> d-------- C:\temp\abW9
2007-11-21 12:50 71,232 --a--c--- C:\WINDOWS\system32\niyldnmh.exe
2007-11-20 12:17 714,341 --ahs---- C:\WINDOWS\system32\jyahqbll.ini
2007-11-20 12:11 84,544 --a--c--- C:\WINDOWS\system32\fhuuiwdv.dll
2007-11-20 12:08 71,232 --a--c--- C:\WINDOWS\system32\ytwrvmwl.exe
2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT
2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera
2007-11-19 16:39 6,656 --a------ C:\WINDOWS\system32\CoInst.dll
2007-11-19 16:39 518 --a------ C:\WINDOWS\system32\SP7311.INI
2007-11-19 15:40 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt
2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-11-19 12:18 685,712 --ahs---- C:\WINDOWS\system32\xjbmwhgg.ini
2007-11-19 12:18 85,056 --a--c--- C:\WINDOWS\system32\gghwmbjx.dll
2007-11-19 12:15 83,008 --a--c--- C:\WINDOWS\system32\redpfdtq.dll
2007-11-18 12:14 79,424 --a--c--- C:\WINDOWS\system32\dvodghbp.dll
2007-11-18 12:11 677,929 --ahs---- C:\WINDOWS\system32\nihodhut.ini
2007-11-18 12:11 85,056 --a--c--- C:\WINDOWS\system32\tuhdohin.dll
2007-11-18 12:08 71,232 --a--c--- C:\WINDOWS\system32\fvlxugyf.exe
2007-11-17 12:16 85,056 --a--c--- C:\WINDOWS\system32\xodqlyvu.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 06:49 36,864 -c--a-w C:\svchost.exe
2007-11-27 09:38 --------- d-----w C:\Program Files\Real
2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real
2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-11-27 01:05 9,356 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-11-26 08:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity
2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-19 18:44 --------- d-----w C:\Program Files\Google
2007-11-19 18:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime
2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-19 17:41 --------- d-----w C:\Program Files\Java
2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader
2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ
2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i
2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual
2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2
2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic
2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache
2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager
2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-20 00:01 --------- d-----w C:\Program Files\Nero
2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint
2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup
2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail
2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion
2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity
2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management
2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0
2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com
2007-10-19 04:40 --------- d-----w C:\Program Files\HP
2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N10390900_Z11C1048C_G10396330.MRK
2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots
2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody
2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium
2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T
2007-10-19 02:15 --------- d-----w C:\Program Files\CA
2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T
2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth
2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG
2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth
2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft
2007-10-17 18:12 --------- d-----w C:\Program Files\DFX
2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool
2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-01-10 17:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02914A9D-75B0-48FA-9FF4-6593633F86B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14EF0ED5-350D-4D1E-BD83-912E8890233C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ADD453-B11F-48B9-9A91-FF61E0443962}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF88ED8-3757-4741-BD74-5380C9618EA9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554AE99C-B34F-4708-8B30-09FFEDBBFFC4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B23624-4DAA-4A6E-808A-AA0A766014FC}]
2007-08-02 08:43 282624 --a------ C:\Program Files\MSN Gaming Zone\niqy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7398f3b7-2336-4a93-8f05-f9e77ef24dbc}]
2007-11-29 01:52 171520 --a------ C:\WINDOWS\system32\prowfvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7527f8af-4e27-40f5-a273-903aebd7ba40}]
2007-11-29 01:13 77888 --a--c--- C:\WINDOWS\system32\haecltty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6D3701-B4E2-4222-BA7B-A1148A7D043D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}]
2007-08-02 08:43 282624 --a------ C:\Program Files\MSN Gaming Zone\niqy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}]
2007-08-02 08:43 282624 --a------ C:\Program Files\MSN Gaming Zone\niqy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-29 01:17 144480 --a------ C:\WINDOWS\system32\pzvyotou.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}]
2007-11-29 01:52 322144 --a------ C:\WINDOWS\system32\mljjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 01:17 144480]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 01:17 144480]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"WebBuying"="C:\Program Files\Web Buying\v1.8.6\webbuying.exe" [2007-11-29 01:51]
"Insider"="C:\Program Files\Insider\Insider.exe" [2007-11-29 01:55]
"WinTouch"="C:\Documents and Settings\HP_Owner\Application Data\WinTouch\WinTouch.exe" [2007-11-29 02:00]
"SfKg6w"="C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows\rayiou.exe" [2007-11-29 02:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]
"0c9120a5"="C:\WINDOWS\system32\vpudnsyk.dll" [2007-11-29 01:22]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [2007-11-29 01:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pzvyotou]
pzvyotou.dll 2007-11-29 01:17 144480 C:\WINDOWS\system32\pzvyotou.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju]
usysykju.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c9120a5]
rundll32.exe C:\WINDOWS\system32\gocqxgou.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
c:\progra~1\common~1\instal~1\update~1\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\MBDownloader_876923.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

R3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CORE
.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-26 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-11-29 06:48:23 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-22 11:57:40 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 07:02:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-29 06:48:22 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-27 08:01:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 01:48:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\pac.txt 279600 bytes
C:\WINDOWS\system32\prowfvt.dll 171520 bytes executable
C:\WINDOWS\system32\hjjlm.ini 320 bytes
C:\WINDOWS\system32\daSgo18

scan completed successfully
hidden files: 4

**************************************************************************
.
Completion time: 2007-11-29 2:04:17 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-27 23:38
C:\ComboFix3.txt ... 2007-11-15 19:47
.
--- E O F ---
rvbeaumont
Well, I forgot to unplug the internet, so the last one did nothing, and I think it's popping up again. I have disabled IE and am working on Firefox. Here's the latest:
ComboFix 07-11-19.4 - HP_Owner 2007-11-29 4:20:52.16 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\My Documents\My Videos\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\pzvyotou.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\mm6
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\hv2
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\ft21
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\dr1
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11
2007-11-29 01:51 37,376 --a------ C:\WINDOWS\system32\byxwwts.dll
2007-11-29 01:22 1,407,109 ---hs---- C:\WINDOWS\system32\kysndupv.ini
2007-11-29 01:22 85,056 --a--c--- C:\WINDOWS\system32\vpudnsyk.dll
2007-11-29 01:17 144,480 --------- C:\WINDOWS\system32\pzvyotou.dll_old
2007-11-29 01:17 144,480 --ah----- C:\WINDOWS\system32\pzvyotou.dll
2007-11-29 01:16 144,480 --a--c--- C:\WINDOWS\system32\xkiuhcwh.dll
2007-11-29 01:13 77,888 --a--c--- C:\WINDOWS\system32\haecltty.dll
2007-11-27 23:26 36,864 --a------ C:\WINDOWS\system32\gebxutu.dll
2007-11-27 19:58 789,288 --ahs---- C:\WINDOWS\system32\rpddfylh.ini
2007-11-27 18:55 294 --ahs---- C:\WINDOWS\system32\lekemoub.ini
2007-11-27 12:06 78,912 --a--c--- C:\WINDOWS\system32\hggwfuxq.dll
2007-11-27 12:03 85,056 --a--c--- C:\WINDOWS\system32\lqhqyjwt.dll
2007-11-27 12:03 526 --ahs---- C:\WINDOWS\system32\twjyqhql.ini
2007-11-27 04:09 78,912 --a--c--- C:\WINDOWS\system32\ucvacjes.dll
2007-11-27 04:09 354 --ahs---- C:\WINDOWS\system32\raopqtos.ini
2007-11-27 04:08 36,864 --a------ C:\WINDOWS\system32\nnnkkjh.dll
2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 03:01 36 --ah----- C:\WINDOWS\system32\f9t.dat
2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes
2007-11-26 20:40 80,960 --a--c--- C:\WINDOWS\system32\lyrgompo.dll
2007-11-26 20:37 85,056 --a--c--- C:\WINDOWS\system32\gocqxgou.dll
2007-11-26 20:37 534 --ahs---- C:\WINDOWS\system32\uogxqcog.ini
2007-11-26 20:09 80,960 --a--c--- C:\WINDOWS\system32\tktcfhak.dll
2007-11-26 20:09 474 --ahs---- C:\WINDOWS\system32\lqhtxddv.ini
2007-11-26 03:49 354 --ahs---- C:\WINDOWS\system32\pnevawfw.ini
2007-11-26 03:45 80,960 --a--c--- C:\WINDOWS\system32\qmckutyp.dll
2007-11-25 14:36 79,936 --a--c--- C:\WINDOWS\system32\rnghanvc.dll
2007-11-25 14:33 85,056 --a--c--- C:\WINDOWS\system32\mgigrpgh.dll
2007-11-25 14:33 294 --ahs---- C:\WINDOWS\system32\hgprgigm.ini
2007-11-25 13:35 79,936 --a--c--- C:\WINDOWS\system32\ynsnofiw.dll
2007-11-25 13:29 85,056 --a--c--- C:\WINDOWS\system32\hdisunts.dll
2007-11-25 13:29 414 --ahs---- C:\WINDOWS\system32\stnusidh.ini
2007-11-25 01:57 79,936 --a--c--- C:\WINDOWS\system32\okgnmwqk.dll
2007-11-25 01:52 354 --ahs---- C:\WINDOWS\system32\dcmwijdi.ini
2007-11-24 15:01 85,056 --a--c--- C:\WINDOWS\system32\txhsordg.dll
2007-11-24 15:01 294 --ahs---- C:\WINDOWS\system32\gdroshxt.ini
2007-11-24 14:58 81,472 --a--c--- C:\WINDOWS\system32\ddxfxlrq.dll
2007-11-23 12:17 83,520 --a--c--- C:\WINDOWS\system32\squneltu.dll
2007-11-23 12:11 85,056 --a--c--- C:\WINDOWS\system32\myvborev.dll
2007-11-23 12:11 294 --ahs---- C:\WINDOWS\system32\verobvym.ini
2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-23 02:50 83,520 --a--c--- C:\WINDOWS\system32\pesuexct.dll
2007-11-23 02:44 85,056 --a--c--- C:\WINDOWS\system32\wbgpqwru.dll
2007-11-23 02:44 294 --ahs---- C:\WINDOWS\system32\urwqpgbw.ini
2007-11-23 01:32 83,520 --a--c--- C:\WINDOWS\system32\lofpawas.dll
2007-11-23 01:29 85,056 --a--c--- C:\WINDOWS\system32\gawvyhes.dll
2007-11-23 01:29 294 --ahs---- C:\WINDOWS\system32\sehyvwag.ini
2007-11-23 01:00 83,520 --a--c--- C:\WINDOWS\system32\jwycvwpy.dll
2007-11-23 00:54 85,056 --a--c--- C:\WINDOWS\system32\xlhqqrlv.dll
2007-11-23 00:54 294 --ahs---- C:\WINDOWS\system32\vlrqqhlx.ini
2007-11-22 23:51 79,936 --a--c--- C:\WINDOWS\system32\rppbtokh.dll
2007-11-22 23:48 714,650 --ahs---- C:\WINDOWS\system32\ofspjqii.ini
2007-11-22 23:48 85,056 --a--c--- C:\WINDOWS\system32\iiqjpsfo.dll
2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire
2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-21 15:02 80,960 --a--c--- C:\WINDOWS\system32\bivsylaf.dll
2007-11-21 14:59 714,590 --ahs---- C:\WINDOWS\system32\ytxcdfwy.ini
2007-11-21 12:58 80,960 --a--c--- C:\WINDOWS\system32\rssruhne.dll
2007-11-21 12:52 714,461 --ahs---- C:\WINDOWS\system32\jqgrnofu.ini
2007-11-21 12:51 <DIR> d-------- C:\WINDOWS\system32\rMa05yy
2007-11-21 12:51 <DIR> d-------- C:\temp\abW9
2007-11-20 12:17 714,341 --ahs---- C:\WINDOWS\system32\jyahqbll.ini
2007-11-20 12:11 84,544 --a--c--- C:\WINDOWS\system32\fhuuiwdv.dll
2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT
2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera
2007-11-19 16:39 6,656 --a------ C:\WINDOWS\system32\CoInst.dll
2007-11-19 16:39 518 --a------ C:\WINDOWS\system32\SP7311.INI
2007-11-19 15:40 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt
2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-11-19 12:18 685,712 --ahs---- C:\WINDOWS\system32\xjbmwhgg.ini
2007-11-19 12:18 85,056 --a--c--- C:\WINDOWS\system32\gghwmbjx.dll
2007-11-19 12:15 83,008 --a--c--- C:\WINDOWS\system32\redpfdtq.dll
2007-11-18 12:14 79,424 --a--c--- C:\WINDOWS\system32\dvodghbp.dll
2007-11-18 12:11 677,929 --ahs---- C:\WINDOWS\system32\nihodhut.ini
2007-11-18 12:11 85,056 --a--c--- C:\WINDOWS\system32\tuhdohin.dll
2007-11-17 12:16 677,938 --ahs---- C:\WINDOWS\system32\uvylqdox.ini
2007-11-17 12:16 85,056 --a--c--- C:\WINDOWS\system32\xodqlyvu.dll
2007-11-17 12:10 82,496 --a--c--- C:\WINDOWS\system32\xtjgbnjy.dll
2007-11-17 02:17 40,960 --a--c--- C:\Documents and Settings\HP_Owner\f.exe
2007-11-17 02:17 36,352 --a------ C:\WINDOWS\system32\rqrrspq.dll
2007-11-17 02:17 13,902 --a--c--- C:\Documents and Settings\HP_Owner\z.dat
2007-11-17 02:17 1,249 --a--c--- C:\Documents and Settings\HP_Owner\x.dat
2007-11-17 02:17 260 --a--c--- C:\6463.bat
2007-11-16 12:15 81,984 --a--c--- C:\WINDOWS\system32\pfuofenr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 07:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 09:38 --------- d-----w C:\Program Files\Real
2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real
2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-11-27 01:05 9,356 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity
2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-19 18:44 --------- d-----w C:\Program Files\Google
2007-11-19 18:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime
2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-19 17:41 --------- d-----w C:\Program Files\Java
2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader
2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ
2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i
2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual
2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2
2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic
2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache
2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager
2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-20 00:01 --------- d-----w C:\Program Files\Nero
2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint
2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup
2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail
2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion
2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity
2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management
2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0
2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com
2007-10-19 04:40 --------- d-----w C:\Program Files\HP
2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N10390900_Z11C1048C_G10396330.MRK
2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots
2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody
2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium
2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T
2007-10-19 02:15 --------- d-----w C:\Program Files\CA
2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T
2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth
2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG
2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth
2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft
2007-10-17 18:12 --------- d-----w C:\Program Files\DFX
2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool
2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft
2007-01-10 17:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02914A9D-75B0-48FA-9FF4-6593633F86B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14EF0ED5-350D-4D1E-BD83-912E8890233C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ADD453-B11F-48B9-9A91-FF61E0443962}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF88ED8-3757-4741-BD74-5380C9618EA9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554AE99C-B34F-4708-8B30-09FFEDBBFFC4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B23624-4DAA-4A6E-808A-AA0A766014FC}]
C:\Program Files\MSN Gaming Zone\niqy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7527f8af-4e27-40f5-a273-903aebd7ba40}]
2007-11-29 01:13 77888 --a--c--- C:\WINDOWS\system32\haecltty.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6D3701-B4E2-4222-BA7B-A1148A7D043D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}]
C:\Program Files\MSN Gaming Zone\niqy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}]
C:\Program Files\MSN Gaming Zone\niqy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-29 04:14 144480 --ah----- C:\WINDOWS\system32\pzvyotou.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 04:14 144480]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 04:14 144480]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Srro"="C:\DOCUME~1\HP_Owner\MYDOCU~1\MCROSO~1.NET\wucrtupd.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB1320"="command /c del C:\WINDOWS\system32\pzvyotou.dll_old" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]
"0c9120a5"="C:\WINDOWS\system32\vpudnsyk.dll" [2007-11-29 01:22]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46]
"SpybotDeletingA5729"="command /c del C:\WINDOWS\system32\pzvyotou.dll_old" []
"SpybotDeletingC3972"="cmd /c del C:\WINDOWS\system32\pzvyotou.dll_old" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pzvyotou]
pzvyotou.dll 2007-11-29 04:14 144480 C:\WINDOWS\system32\pzvyotou.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju]
usysykju.dll
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c9120a5]
rundll32.exe C:\WINDOWS\system32\gocqxgou.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
c:\progra~1\common~1\instal~1\update~1\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

R3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-11-29 14:28:58 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 14:42:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-29 14:28:58 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-27 08:01:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 09:28:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 9:42:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-29 03:22
C:\ComboFix3.txt ... 2007-11-29 02:04
.
--- E O F ---
Yourhighness
Hey rvbeaumont,

While it is noble that you are trying to help and are probably a bit frustrated by your infected PC, please only run the tools we ask you to. In this case there was only a request for a HijackThis log, not a ComboFix log!

Please note that you are infected with a trojan (horse) or a Backdoor / Backdoor Server.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately:
  1. Disconnect the infected computer from the internet until the computer can be cleaned.
  2. From a clean computer, change your online passwords: for email, for banks, eBay, forums, etc. (Do not change passwords or do any transactions while using the infected computer, because the attacker may get the new passwords and transaction information.)
Though the Trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

However, since the infection looks relatively small at first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that can occur with files like these on your PC).

Should you have any questions, please feel free to ask.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Step #1
  1. Open notepad and copy/paste the text in the codebox below into it:

    CODE
    http://www.bleepingcomputer.com/forums/index.php?showtopic=116688&st=0&p=662850&#entry662850

    File::
    C:\WINDOWS\system32\pzvyotou.dllbox
    C:\WINDOWS\system32\kysndupv.ini
    C:\WINDOWS\system32\pzvyotou.dll
    C:\WINDOWS\system32\xkiuhcwh.dll
    C:\WINDOWS\system32\haecltty.dll
    C:\WINDOWS\system32\ndkttktx.exe
    C:\WINDOWS\system32\gebxutu.dll
    C:\WINDOWS\system32\rpddfylh.ini
    C:\WINDOWS\system32\astbfaoq.exe
    C:\WINDOWS\system32\lekemoub.ini
    C:\WINDOWS\system32\hggwfuxq.dll
    C:\WINDOWS\system32\lqhqyjwt.dll
    C:\WINDOWS\system32\twjyqhql.ini
    C:\WINDOWS\system32\hoebwqke.exe
    C:\WINDOWS\system32\ucvacjes.dll
    C:\WINDOWS\system32\raopqtos.ini
    C:\WINDOWS\system32\nnnkkjh.dll
    C:\WINDOWS\system32\amlmghtc.exe
    C:\WINDOWS\system32\lyrgompo.dll
    C:\WINDOWS\system32\gocqxgou.dll
    C:\WINDOWS\system32\uogxqcog.ini
    C:\WINDOWS\system32\ahjllxju.exe
    C:\WINDOWS\system32\tktcfhak.dll
    C:\WINDOWS\system32\lqhtxddv.ini
    C:\WINDOWS\system32\gnbomdsc.exe
    C:\WINDOWS\system32\pnevawfw.ini
    C:\WINDOWS\system32\qmckutyp.dll
    C:\WINDOWS\system32\qccvxgpq.exe
    C:\WINDOWS\system32\rnghanvc.dll
    C:\WINDOWS\system32\mgigrpgh.dll
    C:\WINDOWS\system32\hgprgigm.ini
    C:\WINDOWS\system32\pkjrdxeq.exe
    C:\WINDOWS\system32\ynsnofiw.dll
    C:\WINDOWS\system32\hdisunts.dll
    C:\WINDOWS\system32\stnusidh.ini
    C:\WINDOWS\system32\gjkqifcb.exe
    C:\WINDOWS\system32\okgnmwqk.dll
    C:\WINDOWS\system32\dcmwijdi.ini
    C:\WINDOWS\system32\jusuqald.exe
    C:\WINDOWS\system32\txhsordg.dll
    C:\WINDOWS\system32\gdroshxt.ini
    C:\WINDOWS\system32\ddxfxlrq.dll
    C:\WINDOWS\system32\hgnccvss.exe
    C:\WINDOWS\system32\squneltu.dll
    C:\WINDOWS\system32\myvborev.dll
    C:\WINDOWS\system32\datqxpxm.exe
    C:\WINDOWS\system32\pesuexct.dll
    C:\WINDOWS\system32\ennqbiwg.exe
    C:\WINDOWS\system32\lofpawas.dll
    C:\WINDOWS\system32\gawvyhes.dll
    C:\WINDOWS\system32\sehyvwag.ini
    C:\WINDOWS\system32\ikersexg.exe
    C:\WINDOWS\system32\jwycvwpy.dll
    C:\WINDOWS\system32\xlhqqrlv.dll
    C:\WINDOWS\system32\iipiulaw.exe
    C:\WINDOWS\system32\rppbtokh.dll
    C:\WINDOWS\system32\ofspjqii.ini
    C:\WINDOWS\system32\iiqjpsfo.dll
    C:\WINDOWS\system32\yskbmyoy.exe
    C:\WINDOWS\system32\bivsylaf.dll
    C:\WINDOWS\system32\ytxcdfwy.ini
    C:\WINDOWS\system32\mcxotbcu.exe
    C:\WINDOWS\system32\rssruhne.dll
    C:\WINDOWS\system32\jqgrnofu.ini
    C:\WINDOWS\system32\niyldnmh.exe
    C:\WINDOWS\system32\jyahqbll.ini
    C:\WINDOWS\system32\fhuuiwdv.dll
    C:\WINDOWS\system32\ytwrvmwl.exe
    C:\WINDOWS\system32\xjbmwhgg.ini
    C:\WINDOWS\system32\gghwmbjx.dll
    C:\WINDOWS\system32\redpfdtq.dll
    C:\WINDOWS\system32\dvodghbp.dll
    C:\WINDOWS\system32\nihodhut.ini
    C:\WINDOWS\system32\tuhdohin.dll
    C:\WINDOWS\system32\fvlxugyf.exe
    C:\WINDOWS\system32\xodqlyvu.dll
    C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
    C:\WINDOWS\system32\prowfvt.dll
    C:\WINDOWS\system32\haecltty.dll
    C:\WINDOWS\system32\pzvyotou.dll
    C:\WINDOWS\system32\nnnnkkk.dll
    C:\WINDOWS\system32\mljjh.dll
    C:\WINDOWS\system32\pzvyotou.dll
    C:\WINDOWS\system32\pzvyotou.dll
    C:\WINDOWS\system32\vpudnsyk.dll

    Folder::
    C:\WINDOWS\system32\rMa05yy

    Collect::[1]
    C:\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\MSN Gaming Zone\niqy83122.dll
    C:\Program Files\MSN Gaming Zone\niqy4444.dll
    C:\Program Files\MSN Gaming Zone\niqy83122.dll
    C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows\rayiou.exe
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\gocqxgou.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\prowfvt.dll
    C:\WINDOWS\system32\hjjlm.ini
    C:\WINDOWS\system32\daSgo18
    C:\WINDOWS\system32\mm6
    C:\WINDOWS\system32\hv2
    C:\WINDOWS\system32\ft21
    C:\WINDOWS\system32\dr1
    C:\WINDOWS\system32\byxwwts.dll
    C:\WINDOWS\system32\pzvyotou.dll_old
    C:\WINDOWS\system32\f9t.dat
    C:\WINDOWS\system32\verobvym.ini
    C:\WINDOWS\system32\wbgpqwru.dll
    C:\WINDOWS\system32\urwqpgbw.ini
    C:\WINDOWS\system32\vlrqqhlx.ini
    C:\WINDOWS\system32\uvylqdox.ini
    C:\WINDOWS\system32\xtjgbnjy.dll
    C:\Documents and Settings\HP_Owner\f.exe
    C:\WINDOWS\system32\rqrrspq.dll
    C:\Documents and Settings\HP_Owner\z.dat
    C:\Documents and Settings\HP_Owner\x.dat
    C:\6463.bat
    C:\WINDOWS\system32\pfuofenr.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02914A9D-75B0-48FA-9FF4-6593633F86B9}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14EF0ED5-350D-4D1E-BD83-912E8890233C}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ADD453-B11F-48B9-9A91-FF61E0443962}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF88ED8-3757-4741-BD74-5380C9618EA9}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554AE99C-B34F-4708-8B30-09FFEDBBFFC4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B23624-4DAA-4A6E-808A-AA0A766014FC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7398f3b7-2336-4a93-8f05-f9e77ef24dbc}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7527f8af-4e27-40f5-a273-903aebd7ba40}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6D3701-B4E2-4222-BA7B-A1148A7D043D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SfKg6w"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Host Process"=-
    "0c9120a5"=-
    "runner1"=-
    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pzvyotou]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c9120a5]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
    [-HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Srro"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "combofix"=

  2. Save this as CFScript.txt


  3. Referring to the picture above, drag CFScript.txt into ComboFix.exe
  4. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  5. Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
    Please submit this file via the html page that should popup after running ComboFix.

    Please include a link to this topic in the message.
Step #2

It is vital that you uninstall ComboFix as described below and download a fresh copy, as there have been some updates to the tool!
  • Now please navigate to: Start >> Run...
  • Type: Combofix /u and hit Enter
  • This will delete ComboFix
Step #3

Please download ComboFix from here. Do not run it yet!

Step #4

Download SDFix and save it to your Desktop.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Step #5

Please follow step 9 from this guide: "Preparation Guide For Use Before Posting A Hijackthis Log."

Step #6

Please post back with the log from ComboFix, the SDFix log, and a fresh HijackThis log.
rvbeaumont
sent now on stage 2
ComboFix 07-11-19.4 - HP_Owner 2007-11-30 17:38:29.17 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
C:\WINDOWS\system32\ahjllxju.exe
C:\WINDOWS\system32\amlmghtc.exe
C:\WINDOWS\system32\astbfaoq.exe
C:\WINDOWS\system32\bivsylaf.dll
C:\WINDOWS\system32\datqxpxm.exe
C:\WINDOWS\system32\dcmwijdi.ini
C:\WINDOWS\system32\ddxfxlrq.dll
C:\WINDOWS\system32\dvodghbp.dll
C:\WINDOWS\system32\ennqbiwg.exe
C:\WINDOWS\system32\fhuuiwdv.dll
C:\WINDOWS\system32\fvlxugyf.exe
C:\WINDOWS\system32\gawvyhes.dll
C:\WINDOWS\system32\gdroshxt.ini
C:\WINDOWS\system32\gebxutu.dll
C:\WINDOWS\system32\gghwmbjx.dll
C:\WINDOWS\system32\gjkqifcb.exe
C:\WINDOWS\system32\gnbomdsc.exe
C:\WINDOWS\system32\gocqxgou.dll
C:\WINDOWS\system32\haecltty.dll
C:\WINDOWS\system32\hdisunts.dll
C:\WINDOWS\system32\hggwfuxq.dll
C:\WINDOWS\system32\hgnccvss.exe
C:\WINDOWS\system32\hgprgigm.ini
C:\WINDOWS\system32\hoebwqke.exe
C:\WINDOWS\system32\iipiulaw.exe
C:\WINDOWS\system32\iiqjpsfo.dll
C:\WINDOWS\system32\ikersexg.exe
C:\WINDOWS\system32\jqgrnofu.ini
C:\WINDOWS\system32\jusuqald.exe
C:\WINDOWS\system32\jwycvwpy.dll
C:\WINDOWS\system32\jyahqbll.ini
C:\WINDOWS\system32\kysndupv.ini
C:\WINDOWS\system32\lekemoub.ini
C:\WINDOWS\system32\lofpawas.dll
C:\WINDOWS\system32\lqhqyjwt.dll
C:\WINDOWS\system32\lqhtxddv.ini
C:\WINDOWS\system32\lyrgompo.dll
C:\WINDOWS\system32\mcxotbcu.exe
C:\WINDOWS\system32\mgigrpgh.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\myvborev.dll
C:\WINDOWS\system32\ndkttktx.exe
C:\WINDOWS\system32\nihodhut.ini
C:\WINDOWS\system32\niyldnmh.exe
C:\WINDOWS\system32\nnnkkjh.dll
C:\WINDOWS\system32\nnnnkkk.dll
C:\WINDOWS\system32\ofspjqii.ini
C:\WINDOWS\system32\okgnmwqk.dll
C:\WINDOWS\system32\pesuexct.dll
C:\WINDOWS\system32\pkjrdxeq.exe
C:\WINDOWS\system32\pnevawfw.ini
C:\WINDOWS\system32\prowfvt.dll
C:\WINDOWS\system32\pzvyotou.dll
C:\WINDOWS\system32\pzvyotou.dllbox
C:\WINDOWS\system32\qccvxgpq.exe
C:\WINDOWS\system32\qmckutyp.dll
C:\WINDOWS\system32\raopqtos.ini
C:\WINDOWS\system32\redpfdtq.dll
C:\WINDOWS\system32\rnghanvc.dll
C:\WINDOWS\system32\rpddfylh.ini
C:\WINDOWS\system32\rppbtokh.dll
C:\WINDOWS\system32\rssruhne.dll
C:\WINDOWS\system32\sehyvwag.ini
C:\WINDOWS\system32\squneltu.dll
C:\WINDOWS\system32\stnusidh.ini
C:\WINDOWS\system32\tktcfhak.dll
C:\WINDOWS\system32\tuhdohin.dll
C:\WINDOWS\system32\twjyqhql.ini
C:\WINDOWS\system32\txhsordg.dll
C:\WINDOWS\system32\ucvacjes.dll
C:\WINDOWS\system32\uogxqcog.ini
C:\WINDOWS\system32\vpudnsyk.dll
C:\WINDOWS\system32\xjbmwhgg.ini
C:\WINDOWS\system32\xkiuhcwh.dll
C:\WINDOWS\system32\xlhqqrlv.dll
C:\WINDOWS\system32\xodqlyvu.dll
C:\WINDOWS\system32\ynsnofiw.dll
C:\WINDOWS\system32\yskbmyoy.exe
C:\WINDOWS\system32\ytwrvmwl.exe
C:\WINDOWS\system32\ytxcdfwy.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\6463.bat
C:\check_LSA7.txt
C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows\rayiou.exe
C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
C:\Documents and Settings\HP_Owner\f.exe
C:\Documents and Settings\HP_Owner\x.dat
C:\Documents and Settings\HP_Owner\z.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\bivsylaf.dll
C:\WINDOWS\system32\byxwwts.dll
C:\WINDOWS\system32\dcmwijdi.ini
C:\WINDOWS\system32\ddxfxlrq.dll
C:\WINDOWS\system32\dvodghbp.dll
C:\WINDOWS\system32\f9t.dat
C:\WINDOWS\system32\fhuuiwdv.dll
C:\WINDOWS\system32\gawvyhes.dll
C:\WINDOWS\system32\gdroshxt.ini
C:\WINDOWS\system32\gebxutu.dll
C:\WINDOWS\system32\gghwmbjx.dll
C:\WINDOWS\system32\gocqxgou.dll
C:\WINDOWS\system32\haecltty.dll
C:\WINDOWS\system32\hdisunts.dll
C:\WINDOWS\system32\hggwfuxq.dll
C:\WINDOWS\system32\hgprgigm.ini
C:\WINDOWS\system32\iiqjpsfo.dll
C:\WINDOWS\system32\jqgrnofu.ini
C:\WINDOWS\system32\jwycvwpy.dll
C:\WINDOWS\system32\jyahqbll.ini
C:\WINDOWS\system32\kysndupv.ini
C:\WINDOWS\system32\lekemoub.ini
C:\WINDOWS\system32\lofpawas.dll
C:\WINDOWS\system32\lqhqyjwt.dll
C:\WINDOWS\system32\lqhtxddv.ini
C:\WINDOWS\system32\lyrgompo.dll
C:\WINDOWS\system32\mgigrpgh.dll
C:\WINDOWS\system32\myvborev.dll
C:\WINDOWS\system32\nihodhut.ini
C:\WINDOWS\system32\nnnkkjh.dll
C:\WINDOWS\system32\nnnnkkk.dll
C:\WINDOWS\system32\ofspjqii.ini
C:\WINDOWS\system32\okgnmwqk.dll
C:\WINDOWS\system32\pesuexct.dll
C:\WINDOWS\system32\pfuofenr.dll
C:\WINDOWS\system32\pnevawfw.ini
C:\WINDOWS\system32\pqstv.bak2
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\qmckutyp.dll
C:\WINDOWS\system32\raopqtos.ini
C:\WINDOWS\system32\redpfdtq.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe
C:\WINDOWS\system32\rnghanvc.dll
C:\WINDOWS\system32\rpddfylh.ini
C:\WINDOWS\system32\rppbtokh.dll
C:\WINDOWS\system32\rqrrspq.dll
C:\WINDOWS\system32\rssruhne.dll
C:\WINDOWS\system32\sehyvwag.ini
C:\WINDOWS\system32\squneltu.dll
C:\WINDOWS\system32\stnusidh.ini
C:\WINDOWS\system32\tktcfhak.dll
C:\WINDOWS\system32\tuhdohin.dll
C:\WINDOWS\system32\twjyqhql.ini
C:\WINDOWS\system32\txhsordg.dll
C:\WINDOWS\system32\ucvacjes.dll
C:\WINDOWS\system32\uogxqcog.ini
C:\WINDOWS\system32\urwqpgbw.ini
C:\WINDOWS\system32\uvylqdox.ini
C:\WINDOWS\system32\verobvym.ini
C:\WINDOWS\system32\vlrqqhlx.ini
C:\WINDOWS\system32\vpudnsyk.dll
C:\WINDOWS\system32\vtsqp.dll
C:\WINDOWS\system32\wbgpqwru.dll
C:\WINDOWS\system32\xjbmwhgg.ini
C:\WINDOWS\system32\xkiuhcwh.dll
C:\WINDOWS\system32\xlhqqrlv.dll
C:\WINDOWS\system32\xodqlyvu.dll
C:\WINDOWS\system32\xtjgbnjy.dll
C:\WINDOWS\system32\ynsnofiw.dll
C:\WINDOWS\system32\ytxcdfwy.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-30 13:06 2,557,396 --ahs---- C:\WINDOWS\system32\bjqxhqrp.ini
2007-11-30 13:06 85,056 --a--c--- C:\WINDOWS\system32\prqhxqjb.dll
2007-11-30 13:03 78,912 --a--c--- C:\WINDOWS\system32\alwqoyxj.dll
2007-11-29 13:05 77,888 --a--c--- C:\WINDOWS\system32\wroeviwd.dll
2007-11-29 13:01 789,719 --ahs---- C:\WINDOWS\system32\lcaiwpby.ini
2007-11-29 13:01 85,056 --a--c--- C:\WINDOWS\system32\ybpwiacl.dll
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\mm6
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\hv2
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\ft21
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\dr1
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\daSgo18
2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11
2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes
2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire
2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-21 12:51 <DIR> d-------- C:\temp\abW9
2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT
2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera
2007-11-19 16:39 6,656 --a------ C:\WINDOWS\system32\CoInst.dll
2007-11-19 16:39 518 --a------ C:\WINDOWS\system32\SP7311.INI
2007-11-19 15:40 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt
2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-11-16 12:09 675,970 --ahs---- C:\WINDOWS\system32\utupynxr.ini
2007-11-16 12:09 85,056 --a--c--- C:\WINDOWS\system32\rxnyputu.dll
2007-11-15 22:35 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure
2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-15 01:32 144,480 --a--c--- C:\WINDOWS\system32\criktbeb.dll
2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-14 02:37 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-13 22:43 37,376 --a------ C:\WINDOWS\system32\khfcdba.dll
2007-11-13 22:07 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-13 20:24 144,480 --a--c--- C:\WINDOWS\system32\aipbnwrm.dll
2007-11-13 20:21 674,420 --ahs---- C:\WINDOWS\system32\hrnnknwb.ini
2007-11-13 20:21 85,056 --a--c--- C:\WINDOWS\system32\bwnknnrh.dll
2007-11-13 20:18 80,448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll
2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod
2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo
2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:22 <DIR> d-------- C:\audio
2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-08 23:09 134 --a--c--- C:\n.bat
2007-11-08 23:08 35,328 --a------ C:\WINDOWS\system32\yayxutq.dll
2007-11-08 23:08 0 --a--c--- C:\z.dat
2007-11-08 23:08 0 --a--c--- C:\x.dat
2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-30 01:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-29 01:58 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 01:58 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-29 01:57 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-29 01:57 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-29 01:57 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-29 01:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-29 01:57 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-29 01:56 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-25 02:25 <DIR> d-------- C:\Program Files\MSECache
2007-10-25 02:05 <DIR> d-------- C:\Program Files\Download Manager
2007-10-24 01:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-23 18:22 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe
2007-10-23 18:22 77,890 --a------ C:\WINDOWS\system32\FTLang.dll
2007-10-23 18:22 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-10-23 18:22 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-10-23 18:22 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-10-23 18:22 110 --a------ C:\WINDOWS\system32\ftdiun2k.ini
2007-10-20 12:33 85,376 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys
2007-10-20 12:33 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-10-20 12:33 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-10-20 12:33 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-10-20 12:33 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2007-10-20 12:33 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8cefb8af-1687-4267-9e47-e5174d07b29d}]
2007-11-30 13:03 78912 --a--c--- C:\WINDOWS\system32\alwqoyxj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBDE85A0-FF65-4ECB-93AB-5AB026BEBB5B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 23:06]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-17 03:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]
"0c9120a5"="C:\WINDOWS\system32\vpudnsyk.dll" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
c:\progra~1\common~1\instal~1\update~1\issch.exe -start

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-11-30 22:55:31 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-30 23:02:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-11-30 22:55:28 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-27 08:01:31 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 17:55:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 18:02:29 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-29 09:42
C:\ComboFix3.txt ... 2007-11-29 03:22
.
--- E O F ---
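The "Files Created" section of the log above contains several .dll/.ini pairs in system32 whose names are mirror images of each other (prqhxqjb.dll beside bjqxhqrp.ini, ybpwiacl.dll beside lcaiwpby.ini, rxnyputu.dll beside utupynxr.ini, bwnknnrh.dll beside hrnnknwb.ini), with the .ini carrying hidden and system attributes. Picking those out of a long log by hand is error-prone, and the CFScript in the earlier reply shows the other side of doing it by hand: pzvyotou.dll is listed four times. The script below is an added example for this thread, not part of ComboFix, SDFix or anything posted by the participants. It parses lines in the ComboFix "Files Created" format, pairs reversed-name entries, and emits a deduplicated File:: block for a helper to review before it goes anywhere near a CFScript. The sample lines are copied from the log above; the regex, the Entry type and the function names are the example's own.

```python
"""Flag reversed-name .dll/.ini pairs in a ComboFix "Files Created" section
and turn them into a deduplicated CFScript File:: block.

Added example for this thread; not ComboFix's or the forum's own tooling.
"""
import ntpath
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: lines copied from the ComboFix log above, plus two
# legitimate entries (a directory and FLASH.OCX/unicows.dll) the filter must ignore.
SAMPLE_LOG = r"""
2007-11-30 13:06 2,557,396 --ahs---- C:\WINDOWS\system32\bjqxhqrp.ini
2007-11-30 13:06 85,056 --a--c--- C:\WINDOWS\system32\prqhxqjb.dll
2007-11-30 13:03 78,912 --a--c--- C:\WINDOWS\system32\alwqoyxj.dll
2007-11-29 13:01 789,719 --ahs---- C:\WINDOWS\system32\lcaiwpby.ini
2007-11-29 13:01 85,056 --a--c--- C:\WINDOWS\system32\ybpwiacl.dll
2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\mm6
2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-16 12:09 675,970 --ahs---- C:\WINDOWS\system32\utupynxr.ini
2007-11-16 12:09 85,056 --a--c--- C:\WINDOWS\system32\rxnyputu.dll
2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
"""

# One "Files Created" line: date, time, size or <DIR>, nine attribute flags, path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S{9}) (.+?)\s*$"
)


class Entry(NamedTuple):
    date: str
    time: str
    size: str
    attrs: str
    path: str


def parse_created(text: str) -> List[Entry]:
    """Parse a "Files Created" section; lines that do not fit the format are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def in_system32(path: str) -> bool:
    """True when the entry lives directly in \\WINDOWS\\system32 (case-insensitive)."""
    return ntpath.dirname(path).lower().endswith(r"\windows\system32")


def find_reversed_pairs(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return sorted (dll_path, ini_path) pairs where the .ini stem is the .dll
    stem spelled backwards and both sit in system32, the pattern seen in the log."""
    inis: Dict[str, str] = {}
    dlls: Dict[str, str] = {}
    for e in entries:
        if not in_system32(e.path):
            continue
        stem, ext = ntpath.splitext(ntpath.basename(e.path))
        stem, ext = stem.lower(), ext.lower()
        if ext == ".ini":
            inis[stem] = e.path
        elif ext == ".dll":
            dlls[stem] = e.path
    pairs = []
    for stem, dll_path in dlls.items():
        ini_path = inis.get(stem[::-1])
        if ini_path is not None:
            pairs.append((dll_path, ini_path))
    return sorted(pairs)


def build_cfscript(pairs: List[Tuple[str, str]], extra=()) -> str:
    """Render a CFScript File:: block; duplicates collapse to one line each."""
    paths = {p for pair in pairs for p in pair} | set(extra)
    return "File::\n" + "\n".join(sorted(paths)) + "\n"


if __name__ == "__main__":
    found = find_reversed_pairs(parse_created(SAMPLE_LOG))
    for dll, ini in found:
        print(f"pair: {dll}  <->  {ini}")
    print(build_cfscript(found))
```

The pairing is deliberately narrow: it only reports a .dll whose exact reversed stem exists as a .ini in the same directory, so legitimate components such as unicows.dll never match. Anything it prints is a candidate for the helper's judgement, not an automatic deletion list.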
Yourhighness
Hey rvbeaumont,

if you want me to assist you in cleaning this badly infected machine, you have to do what I asked you to do. I am now asking you for the third time to please read the "Preparation Guide for Use before posting a HijackThis log", underlining once again the "HijackThis" part with reference to point 9 in this guide.

We can only continue the cleaning process when all steps have been carried out as mentioned in my last post. Otherwise we might miss vital information / issues on your pc...

Please read that guide and post the missing information. Thanks.
rvbeaumont
SDFix: Version 1.116

Run by HP_Owner on Fri 11/30/2007 at 06:24 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\HP_Owner\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\X.DAT - Deleted
C:\Z.DAT - Deleted
C:\Temp\abW9\tPho.log - Deleted
C:\n.bat - Deleted
C:\WINDOWS\Fonts\Crack.exe - Deleted
C:\WINDOWS\Fonts\Setup.exe - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s) 118,336 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 20222 File(s) 12,900,321,570 bytes - Deleted



Folder C:\Temp\abW9 - Removed
Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 01:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000023
"TracesSuccessful"=dword:00000001

scanning hidden files ...

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\01\10-{1DD43710-461C-5930-D7BC-29ACF9725A72}-v1-{CB658601-5174-45DF-81E8-54554094D33D}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\11\11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 822 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\11\11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\12\12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 786 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\12\12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\13\13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2622 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\13\13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 304 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\17\17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 22116 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\17\17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1632 bytes hidden from API
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\17\17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2456 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 10


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\HP_Owner\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 18 Oct 2007 213 A.SHR --- "C:\BOOT.BAK"
Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0b\AOLphx.exe"
Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0b\rbm.exe"
Tue 24 Aug 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0c\aoltray.exe"
Mon 30 Aug 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0i\aolphx.exe"
Mon 30 Aug 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0i\aoltray.exe"
Mon 30 Aug 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0i\RBM.exe"
Tue 24 Aug 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Tue 24 Aug 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Tue 24 Aug 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 15 Nov 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 21 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 26 May 2007 170,299 A.SH. --- "C:\Program Files\Common Files\Motive\MCCDNSHLP_1-0-0_DSR.dll"
Fri 19 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 18 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f686eb18ed8be61735e890e67439840\BIT3F.tmp"
Fri 19 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT45.tmp"
Wed 21 Nov 2007 8,332 ...HR --- "C:\Documents and Settings\HP_Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 28 Sep 2007 85,309 A..H. --- "C:\Program Files\Common Files\AOL\TopSpeed\3.0\WBUnins.exe"

Finished!

Hijack is coming next
rvbeaumont
doing cleaning now, and will send hijack
Yourhighness
Hi rvbeaumont,

how is the HijackThis log looking? It's been 10 hours and I am still waiting for it. Report back with that log and we shall go from there then.
rvbeaumont
Sorry, thought it sent it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:25 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\America Online 9.0i\waol.exe
C:\Program Files\America Online 9.0i\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {d92b70d4-715e-74e9-7624-7861fa8bfec8} - {8cefb8af-1687-4267-9e47-e5174d07b29d} - C:\WINDOWS\system32\alwqoyxj.dll
O2 - BHO: (no name) - {8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A} - (no file)
O2 - BHO: (no name) - {984CC232-B0BD-427B-99B6-A68494725B53} - (no file)
O2 - BHO: (no name) - {BC4E019E-26B4-45C5-ADEE-C26BD9BB2701} - (no file)
O2 - BHO: (no name) - {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} - (no file)
O2 - BHO: (no name) - {E29E966E-BA13-4EB5-B7E4-9045E6799DF2} - (no file)
O2 - BHO: (no name) - {E6763192-2D5B-4DAF-A49F-0592182BD33E} - (no file)
O2 - BHO: (no name) - {E72C75C6-DD4F-47CA-9BED-E5265D6BB412} - (no file)
O2 - BHO: (no name) - {EBDE85A0-FF65-4ECB-93AB-5AB026BEBB5B} - (no file)
O2 - BHO: (no name) - {F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [0c9120a5] rundll32.exe "C:\WINDOWS\system32\vpudnsyk.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0EBA04-3B3A-48DD-B382-C96E75AB5632}: NameServer = 205.188.146.145
O20 - Winlogon Notify: nnnnkkk - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 13483 bytes
Yourhighness
Hey Rvbeaumont,

thanks for posting back with the results. We really do need a HijackThis log to work with, but since you are severely infected we will do some further cleaning until you finally post that HijackThis log asap.

Step #1

The most current version of Limewire is reported to include spyware. LimeWire 4.9.28 is clean (older and newer versions may not be). Chances are junk was bundled with this product even if you paid for it. If you are going to use p2p file sharing, I suggest you choose a safe program from here: http://p2p.malwareremoval.com/.

If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware.

Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this: http://pcpitstop.com/spycheck/badtorrent.asp

Step #2

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step #3

You have the program Spybot S&D (Teatimer option) running on your machine and that is good. But prior to doing the fix below with HijackThis and/or other tools required, it needs to be turned off. Please do the following:
  • Right click the running icon of Spybot's Teatimer, and choose Exit.
Step #4
  1. Open notepad and copy/paste the text in the codebox below into it:

    CODE
    http://www.bleepingcomputer.com/forums/index.php?showtopic=116688&view=findpost&p=674931

    File::
    C:\WINDOWS\system32\bjqxhqrp.ini
    C:\WINDOWS\system32\prqhxqjb.dll
    C:\WINDOWS\system32\alwqoyxj.dll
    C:\WINDOWS\system32\wroeviwd.dll
    C:\WINDOWS\system32\lcaiwpby.ini
    C:\WINDOWS\system32\ybpwiacl.dll
    C:\WINDOWS\system32\utupynxr.ini
    C:\WINDOWS\system32\rxnyputu.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\criktbeb.dll
    C:\WINDOWS\system32\khfcdba.dll
    C:\WINDOWS\system32\aipbnwrm.dll
    C:\WINDOWS\system32\hrnnknwb.ini
    C:\WINDOWS\system32\bwnknnrh.dll
    C:\WINDOWS\system32\jwwspdfs.dll
    C:\WINDOWS\system32\yayxutq.dll
    C:\WINDOWS\system32\vpudnsyk.dll

    Suspect::[1]
    C:\WINDOWS\system32\cmd.exe

    Folder::
    C:\WINDOWS\system32\mm6
    C:\WINDOWS\system32\hv2
    C:\WINDOWS\system32\ft21
    C:\WINDOWS\system32\dr1
    C:\WINDOWS\system32\daSgo18

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8cefb8af-1687-4267-9e47-e5174d07b29d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBDE85A0-FF65-4ECB-93AB-5AB026BEBB5B}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "0c9120a5"=-
    "combofix"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page" =-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d92b70d4-715e-74e9-7624-7861fa8bfec8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d92b70d4-715e-74e9-7624-7861fa8bfec8}]

  2. Save this as CFScript.txt


  3. Referring to the picture above, drag CFScript.txt into ComboFix.exe
  4. When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  5. Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
    Please submit this file via the html page that should pop up after running ComboFix.

    Please include a link to this topic in the message.
Step #5

Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close ALL applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt to your post.
The logs can be quite lengthy. Use two posts if you need to get them all in.

Step #6

Please post back with a fresh ComboFix log and the main.txt and the extra.txt from the DSS log.
rvbeaumont
ignore this one and go to next

have submitted the combofix, and shall add it here too. going to work, will work on the rest around 1:30 Eastern time
ComboFix 07-11-19.4C - HP_Owner 2007-12-02 20:33:50.18 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aipbnwrm.dll
C:\WINDOWS\system32\alwqoyxj.dll
C:\WINDOWS\system32\bjqxhqrp.ini
C:\WINDOWS\system32\bwnknnrh.dll
C:\WINDOWS\system32\criktbeb.dll
C:\WINDOWS\system32\hrnnknwb.ini
C:\WINDOWS\system32\jwwspdfs.dll
C:\WINDOWS\system32\khfcdba.dll
C:\WINDOWS\system32\lcaiwpby.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\prqhxqjb.dll
C:\WINDOWS\system32\rxnyputu.dll
C:\WINDOWS\system32\utupynxr.ini
C:\WINDOWS\system32\vpudnsyk.dll
C:\WINDOWS\system32\wroeviwd.dll
C:\WINDOWS\system32\yayxutq.dll
C:\WINDOWS\system32\ybpwiacl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aipbnwrm.dll
C:\WINDOWS\system32\alwqoyxj.dll
C:\WINDOWS\system32\bjqxhqrp.ini
C:\WINDOWS\system32\bwnknnrh.dll
C:\WINDOWS\system32\criktbeb.dll
C:\WINDOWS\system32\daSgo18
C:\WINDOWS\system32\daSgo18\daSgo182328.exe
C:\WINDOWS\system32\dr1
C:\WINDOWS\system32\ft21
C:\WINDOWS\system32\hrnnknwb.ini
C:\WINDOWS\system32\hv2
C:\WINDOWS\system32\jwwspdfs.dll
C:\WINDOWS\system32\lcaiwpby.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mm6
C:\WINDOWS\system32\mm6\ncstdb33.exe
C:\WINDOWS\system32\prqhxqjb.dll
C:\WINDOWS\system32\rxnyputu.dll
C:\WINDOWS\system32\utupynxr.ini
C:\WINDOWS\system32\wroeviwd.dll
C:\WINDOWS\system32\ybpwiacl.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-01 16:44 468 --a--c--- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-01 02:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-01 02:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-30 18:19 <DIR> d-------- C:\WINDOWS\SDFIX
2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11
2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes
2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire
2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT
2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera
2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt
2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure
2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-14 02:37 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod
2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo
2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:22 <DIR> d-------- C:\audio
2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 07:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 00:40 --------- d-----w C:\Program Files\Real
2007-11-29 07:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real
2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity
2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-19 18:44 --------- d-----w C:\Program Files\Google
2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime
2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-19 17:41 --------- d-----w C:\Program Files\Java
2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader
2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ
2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i
2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual
2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2
2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic
2007-10-30 06:53 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache
2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager
2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-20 00:01 --------- d-----w C:\Program Files\Nero
2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint
2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup
2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail
2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion
2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity
2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management
2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0
2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com
2007-10-19 04:40 --------- d-----w C:\Program Files\HP
2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N10390900_Z11C1048C_G10396330.MRK
2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots
2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody
2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium
2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T
2007-10-19 02:15 --------- d-----w C:\Program Files\CA
2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T
2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth
2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG
2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth
2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft
2007-10-17 18:12 --------- d-----w C:\Program Files\DFX
2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool
2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft
2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 23:06]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-17 03:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk]
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
c:\progra~1\common~1\instal~1\update~1\issch.exe -start

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-12-03 01:42:03 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-03 01:42:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-12-03 01:42:03 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-01 08:01:15 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 20:42:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 20:46:37 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 18:02
C:\ComboFix3.txt ... 2007-11-29 09:42
.
--- E O F ---
rvbeaumont
OK, this one was without S&D on.

ComboFix 07-11-19.4C - HP_Owner 2007-12-03 1:22:51.19 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.512 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aipbnwrm.dll
C:\WINDOWS\system32\alwqoyxj.dll
C:\WINDOWS\system32\bjqxhqrp.ini
C:\WINDOWS\system32\bwnknnrh.dll
C:\WINDOWS\system32\criktbeb.dll
C:\WINDOWS\system32\hrnnknwb.ini
C:\WINDOWS\system32\jwwspdfs.dll
C:\WINDOWS\system32\khfcdba.dll
C:\WINDOWS\system32\lcaiwpby.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\prqhxqjb.dll
C:\WINDOWS\system32\rxnyputu.dll
C:\WINDOWS\system32\utupynxr.ini
C:\WINDOWS\system32\vpudnsyk.dll
C:\WINDOWS\system32\wroeviwd.dll
C:\WINDOWS\system32\yayxutq.dll
C:\WINDOWS\system32\ybpwiacl.dll
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-01 16:44 468 --a--c--- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-01 02:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-01 02:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-30 18:19 <DIR> d-------- C:\WINDOWS\SDFIX
2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11
2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes
2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games
2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire
2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT
2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera
2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt
2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure
2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-14 02:37 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod
2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo
2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:22 <DIR> d-------- C:\audio
2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 07:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-30 00:40 --------- d-----w C:\Program Files\Real
2007-11-29 07:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real
2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521}
2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity
2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-19 18:44 --------- d-----w C:\Program Files\Google
2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo!
2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime
2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite
2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger
2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-19 17:41 --------- d-----w C:\Program Files\Java
2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader
2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ
2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare
2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i
2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive
2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual
2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2
2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic
2007-10-30 06:53 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache
2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager
2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-10-22 07:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 07:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero
2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero
2007-10-20 00:01 --------- d-----w C:\Program Files\Nero
2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag
2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead
2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint
2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup
2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail
2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion
2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity
2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management
2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b
2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0
2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com
2007-10-19 04:40 --------- d-----w C:\Program Files\HP
2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N10390900_Z11C1048C_G10396330.MRK
2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots
2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody
2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco
2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium
2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T
2007-10-19 02:15 --------- d-----w C:\Program Files\CA
2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T
2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth
2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG
2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth
2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft
2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat
2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft
2007-10-17 18:12 --------- d-----w C:\Program Files\DFX
2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon
2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool
2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a
2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 23:06]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-17 03:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01]
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
c:\progra~1\common~1\instal~1\update~1\issch.exe -start

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874}

.
Contents of the 'Scheduled Tasks' folder
"2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job"
- C:\PROGRA~1\ADVANC~1\finddupe.exe
"2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2007-12-03 06:15:58 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-03 06:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2007-12-03 06:15:58 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-01 08:01:15 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 01:29:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-03 1:30:16
C:\ComboFix2.txt ... 2007-12-02 20:46
C:\ComboFix3.txt ... 2007-11-30 18:02
.
--- E O F ---


Now I will get the rest for you.
rvbeaumont
Deckard's System Scanner v20071014.68
Run by HP_Owner on 2007-12-03 01:37:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2007-12-03 06:37:25 UTC - RP205 - Deckard's System Scanner Restore Point
24: 2007-12-03 06:22:13 UTC - RP204 - ComboFix created restore point
23: 2007-12-03 01:33:11 UTC - RP203 - ComboFix created restore point
22: 2007-12-02 19:27:14 UTC - RP202 - System Checkpoint
21: 2007-12-01 07:57:07 UTC - RP201 - Ad-Aware Restore Point 2007-12-01 02:56:58


-- First Restore Point --
1: 2007-11-29 16:34:30 UTC - RP181 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:55 AM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe
C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 11968 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 catchme - c:\docume~1\hp_owner\locals~1\temp\catchme.sys (file missing)

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe

S2 Viewpoint Manager Service -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\4F36BB11D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\4F36BB11D800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-12-03 01:37:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-03 01:15:58 454 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2007-12-03 01:15:58 444 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-12-01 03:01:15 368 --a------ C:\WINDOWS\Tasks\XoftSpySE.job
2007-11-29 08:57:00 270 --a------ C:\WINDOWS\Tasks\Find Duplicate Files.job
2007-11-29 03:00:44 378 --a------ C:\WINDOWS\Tasks\RegCure.job
2007-11-28 17:15:06 1010 --ah----- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2007-11-23 23:55:00 266 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2007-05-27 19:35:29 998 --ah----- C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
2007-05-22 21:40:25 1010 --ah----- C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job


-- Files created between 2007-11-03 and 2007-12-03 -----------------------------

2007-12-01 16:44:27 468 --a----c- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-12-01 02:12:04 0 d-------- C:\Program Files\Lavasoft
2007-12-01 02:12:04 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-30 18:19:53 0 d-------- C:\WINDOWS\SDFIX
2007-11-27 03:57:32 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-27 03:03:24 0 d------c- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}
2007-11-27 03:03:00 0 d------c- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}
2007-11-27 01:51:37 0 d-------- C:\Program Files\iTunes
2007-11-23 02:50:01 0 d-------- C:\Program Files\Microsoft Games
2007-11-22 23:41:08 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-11-21 19:41:13 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\iWin
2007-11-21 16:42:16 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2007-11-21 16:30:37 0 d-------- C:\Program Files\LimeWire
2007-11-19 16:44:52 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2007-11-19 16:42:27 230432 --a----c- C:\PA7311.DAT
2007-11-19 16:39:56 0 d-------- C:\Program Files\VGA USB Camera
2007-11-19 15:39:56 0 d-------- C:\WINDOWS\PixArt
2007-11-19 15:11:55 0 d-------- C:\Program Files\Common Files\ArcSoft
2007-11-19 15:11:53 11776 --a------ C:\WINDOWS\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
2007-11-19 15:11:30 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-11-19 15:11:27 0 d-------- C:\Program Files\ArcSoft
2007-11-15 15:32:39 0 d-------- C:\Program Files\RegCure
2007-11-15 14:06:13 0 d-------- C:\Program Files\XoftSpySE
2007-11-14 02:13:41 24576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-11-13 12:55:38 6291456 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2007-11-13 05:01:38 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Roxio
2007-11-13 02:24:51 0 d-------- C:\Program Files\WinMX Fix v.3.0
2007-11-13 02:24:07 0 d-------- C:\Program Files\iPod
2007-11-13 02:23:53 0 d-------- C:\Program Files\InterVideo
2007-11-13 02:23:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-13 02:23:46 0 d-------- C:\WINDOWS\system32\QuickTime
2007-11-13 02:22:44 0 d-------- C:\audio
2007-11-13 02:22:44 0 d-------- C:\audacity_1_2_temp
2007-11-13 02:22:18 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-13 02:05:23 0 d------c- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2)
2007-11-09 15:46:10 1387 --a----c- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-08 23:11:33 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-07 15:42:12 0 d-------- C:\WINDOWS\system32\AGEIA
2007-11-07 00:03:01 0 d------c- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-11-06 01:20:19 0 d-------- C:\Program Files\MSXML 6.0
2007-11-04 20:08:47 0 d------c- C:\6c7bce0b76c5c3ff959c14e3fe
2007-11-04 13:33:32 0 d------c- C:\c6616f9bfd906f1ad04bbed7e3dd4f
2007-11-04 13:30:53 0 d------c- C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-04 13:30:39 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-11-04 01:28:43 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment
2007-11-03 17:00:28 0 d------c- C:\WINDOWS\system32\DRVSTORE


-- Find3M Report ---------------------------------------------------------------

2007-12-02 20:50:51 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-20051102}.dat
2007-12-02 20:50:51 384 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-20051102}.dat
2007-12-01 02:11:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-29 19:40:54 0 d-------- C:\Program Files\Real
2007-11-29 03:32:27 0 d-------- C:\Program Files\MSN Gaming Zone
2007-11-29 03:01:19 0 d-------- C:\Program Files\Common Files
2007-11-27 04:02:48 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Real
2007-11-27 03:56:39 0 d-------- C:\Program Files\Common Files\Real
2007-11-27 03:03:46 0 d-------- C:\Program Files\Stamps.com Internet Postage
2007-11-26 20:20:27 4 --a------ C:\WINDOWS\system32\E930B5
2007-11-26 03:14:25 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM
2007-11-21 12:49:56 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\AT&T
2007-11-21 03:40:23 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data\yahoo!
2007-11-21 03:40:23 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-11-21 03:40:08 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files
2007-11-21 03:40:08 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-11-21 03:40:06 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Google
2007-11-21 03:40:06 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Audacity
2007-11-21 03:40:05 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2007-11-21 01:59:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-20 02:21:39 0 d-------- C:\Program Files\Common Files\AOL
2007-11-19 17:23:21 0 d-------- C:\Program Files\Common Files\Logitech
2007-11-19 13:44:48 0 d-------- C:\Program Files\Google
2007-11-19 12:42:57 0 d-------- C:\Program Files\Yahoo!
2007-11-19 12:42:14 0 d-------- C:\Program Files\QuickTime
2007-11-19 12:42:09 0 d-------- C:\Program Files\Online Backup
2007-11-19 12:42:02 0 d-------- C:\Program Files\MSN Toolbar Suite
2007-11-19 12:42:01 0 d-------- C:\Program Files\MSN Messenger
2007-11-19 12:41:56 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-19 12:41:54 0 d-------- C:\Program Files\Java
2007-11-19 12:41:43 0 d-------- C:\Program Files\ICOO Loader
2007-11-19 12:41:43 0 d-------- C:\Program Files\HPQ
2007-11-19 12:41:26 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-19 12:40:57 0 d-------- C:\Program Files\Common Files\aolshare
2007-11-19 12:40:18 0 d-------- C:\Program Files\America Online 9.0i
2007-11-17 14:13:14 0 d-------- C:\Program Files\Common Files\Motive
2007-11-15 17:05:43 0 d-------- C:\Program Files\Advanced System Optimizer
2007-11-15 16:55:17 0 d-------- C:\Program Files\Trend Micro
2007-11-13 17:35:31 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-10 13:52:37 0 d-------- C:\Program Files\InterActual
2007-11-08 18:16:27 0 d-------- C:\Program Files\coolpro2
2007-11-04 13:29:40 0 d-------- C:\Program Files\Sonic
2007-10-30 01:53:17 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow
2007-10-25 02:25:24 0 d-------- C:\Program Files\MSECache
2007-10-25 02:05:27 0 d-------- C:\Program Files\Download Manager
2007-10-24 01:44:47 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin
2007-10-22 17:54:20 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-10-20 17:35:59 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies
2007-10-20 12:52:27 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-10-20 12:11:26 300 --a----c- C:\AUTOEXEC.BAT
2007-10-19 19:11:35 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Nero
2007-10-19 19:03:10 0 d-------- C:\Program Files\Common Files\Nero
2007-10-19 19:01:08 0 d-------- C:\Program Files\Nero
2007-10-19 15:13:12 0 d-------- C:\Program Files\AusLogics Disk Defrag
2007-10-19 14:47:17 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-19 12:47:41 0 d-------- C:\Program Files\PConPoint
2007-10-19 12:07:56 0 d-------- C:\Program Files\Easy Internet signup
2007-10-19 10:52:38 0 d-------- C:\Program Files\IncrediMail
2007-10-19 10:23:04 0 d-------- C:\Program Files\AOL Companion
2007-10-19 00:41:02 0 d-------- C:\Program Files\Audacity
2007-10-19 00:20:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-19 00:19:36 110008 --a------ C:\WINDOWS\hpoins08.dat
2007-10-19 00:19:07 0 d-------- C:\Program Files\BellSouth Application Management
2007-10-19 00:18:57 0 d-------- C:\Program Files\AOL Computer Check-Up
2007-10-19 00:18:53 0 d-------- C:\Program Files\America Online 9.0f
2007-10-19 00:18:53 0 d-------- C:\Program Files\America Online 9.0e
2007-10-19 00:18:53 0 d-------- C:\Program Files\America Online 9.0b
2007-10-19 00:18:52 0 d-------- C:\Program Files\America Online 9.0
2007-10-19 00:06:05 3218 --a------ C:\WINDOWS\mozver.dat
2007-10-18 23:40:31 0 d-------- C:\Program Files\HP
2007-10-18 23:40:12 0 d-------- C:\Program Files\Learn2.com
2007-10-18 23:36:13 117716 --a------ C:\WINDOWS\hpoins11.dat
2007-10-18 23:35:21 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2007-10-18 23:34:43 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-10-18 23:30:08 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-10-18 23:16:16 0 d-------- C:\Program Files\Windows NT
2007-10-18 23:16:12 0 d-------- C:\Program Files\Movie Maker
2007-10-18 23:16:11 0 d-------- C:\Program Files\Messenger
2007-10-18 22:44:31 0 d-------- C:\Program Files\Webshots
2007-10-18 21:54:34 0 d-------- C:\Program Files\Rhapsody
2007-10-18 21:21:41 0 d-------- C:\Program Files\Common Files\Scanner
2007-10-18 21:16:32 0 d-------- C:\Program Files\Common Files\Authentium
2007-10-18 21:16:17 0 d-------- C:\Program Files\Raxco
2007-10-18 21:15:27 0 d-------- C:\Program Files\AT&T
2007-10-18 21:15:10 0 d-------- C:\Program Files\CA
2007-10-18 21:13:23 0 d-------- C:\Program Files\BellSouth
2007-10-18 21:10:44 132675 --a------ C:\Program Files\INSTALL.LOG
2007-10-18 19:17:33 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\BellSouth
2007-10-18 19:08:20 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-10-18 18:50:49 4 --a----c- C:\WINDOWSRegDefrag.dat
2007-10-17 16:39:52 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\URSoft
2007-10-17 13:12:19 0 d-------- C:\Program Files\DFX
2007-10-17 03:42:08 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-10-17 03:41:23 0 d-------- C:\Program Files\Multimedia Transcoding Tool
2007-10-17 03:40:56 0 d-------- C:\Program Files\AOL 9.0a
2007-10-17 03:37:48 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\AOL
2007-10-11 14:08:06 0 d------c- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-10-10 11:50:02 0 d-------- C:\Program Files\ACNielsen
2007-10-06 12:11:52 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-06 03:43:54 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
2007-09-20 20:00:12 636 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [01/05/2005 01:54 AM C:\WINDOWS\system32\SiSPower.dll]
"CTHelper"="CTHELPER.EXE" [11/14/2003 03:18 AM C:\WINDOWS\system32\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [06/18/2003 10:00 AM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 12:12 PM]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [06/28/2007 03:09 PM]
"HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [04/12/2007 04:23 PM]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [08/30/2004 01:04 PM]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/07/2006 06:14 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 12:34 AM]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [10/22/2007 10:27 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/27/2007 03:53 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [11/16/2006 01:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [10/09/2007 11:02 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:00 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/01/2007 05:11 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [10/18/2007 10:05 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [10/02/2003 11:06 PM]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [10/17/2002 03:13 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [9/15/2005 10:44:01 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"c:\progra~1\common~1\instal~1\update~1\issch.exe" -start




-- End of Deckard's System Scanner: finished at 2007-12-03 01:39:37 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron™ Processor 3000+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 895.48 MiB / 488.97 MiB
Pagefile Memory (total/avail): 2168.47 MiB / 1861.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.38 MiB

C: is Fixed (NTFS) - 66.49 GiB total, 22.73 GiB free.
D: is Fixed (FAT32) - 8.02 GiB total, 1.94 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST380013AS - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 8.03 GiB - D:
\PARTITION1 (bootable) - Installable File System - 66.49 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: AT&T Internet Security Suite AT&T Firewall v6.0.1 (Bellsouth)
AV: AT&T Internet Security Suite AT&T Anti-Virus v6.0.1 (Bellsouth)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DRAGMAFIA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\DRAGMAFIA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\CA\PPRT\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=DRAGMAFIA
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {51EF423B-DEAD-4102-A330-2B4260FD6579}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB2A3A6-6789-4260-9966-517498589AB5}\setup.exe" -l0x9
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
AT&T Internet Security Suite --> C:\Program Files\InstallShield Installation Information\{D7DF917E-C963-42B4-AD48-837ACA6D8859}\setup.exe -runfromtemp -l0x0009 -removeonly
AT&T Internet Security Wizard 1.5.11 --> "C:\Program Files\AT&T\Internet Security Wizard\unins000.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{1ACE3F9D-CDA4-4F39-9605-334CF37A1579}
BellSouth Application Management --> C:\WINDOWS\Motive\BellSouth\UninstallAppManagement.exe
Cool Edit Pro 2.1 --> C:\Program Files\coolpro2\cep2unin.exe
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\Setup.exe" -l0x9 /remove
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
FastAccess® DSL Help Center 4.1 --> "C:\Program Files\Bellsouth\HelpCenter40b\unins000.exe"
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homescan Internet Transporter --> C:\Program Files\InstallShield Installation Information\{92BF38A8-5616-4209-87A3-D910B45A1D98}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.8.6 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6 --> C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
HPIZplus450 --> MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Age of Empires Gold --> "C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.10) --> c:\progra~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.1 --> C:\Program Files\InstallShield Installation Information\{7B312BFD-6C04-4409-AB6F-DD41CCD67463}\setup.exe -runfromtemp -l0x0009 -removeonly
muvee coolStyles 1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92518780-C904-409C-B674-528822FEA6E2}\Setup.exe" -l0x9
muvee coolStyles 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFB057E3-03AF-420D-9E85-F846739CE211}\Setup.exe" -l0x9
muvee corePack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B0BD0D6-D7D1-4D49-9815-5A85081ECC45}\Setup.exe" -l0x9
muvee Hi-Octane stylePack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB320D1D-16E2-45AE-AE48-7952D3E9542C}\Setup.exe" -l0x9
Nero 8 --> MsiExec.exe /X{90AABED0-25A8-41FC-B738-224889E31033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
PConPoint v4.1 --> "C:\Program Files\PConPoint\unins000.exe"
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Photosmart 320,370,7400,8100,8400 Series --> C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PPSDKRedistributables --> MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Radialpoint Security Services --> MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RPS Ad Blocker --> MsiExec.exe /I{BAF99E78-879B-4811-BFEF-3CC7057BC00D}
RPS AntiFraud --> MsiExec.exe /I{537654FC-556A-4992-BF3D-ADC05E7009DC}
RPS AntiSpyware --> MsiExec.exe /I{99E6E9E1-BBCD-4294-93C6-08537A9E92CB}
RPS AntiVirus --> MsiExec.exe /I{E85A45C2-290F-4C4A-9363-B6399EE648A9}
RPS App Detector --> MsiExec.exe /I{2F4BFC9D-17D7-447A-AEA2-467892D876B3}
RPS AsRealtime --> MsiExec.exe /I{1E164156-3FA1-4389-9B0B-28E88B879639}
RPS Backup --> MsiExec.exe /I{904847DA-FBC0-4726-BE73-830FCB9D4E8A}
RPS Burn --> MsiExec.exe /I{7D11FED9-4214-40A6-A6CA-3CFBAC20DA36}
RPS Diagnostic Utility --> MsiExec.exe /I{0345520E-2A04-4A36-BC31-353AE87A6092}
RPS Firewall --> MsiExec.exe /I{0818687F-F41F-496D-9D6D-DB98F147FC62}
RPS ParentalControl --> MsiExec.exe /I{E5E7B0D0-20E1-4B1A-B8C9-B9E2B93DE1DE}
RPS Performance Tool --> MsiExec.exe /I{3DE72179-FEF4-4846-BF82-62CBFC61F8D7}
RPS PopupBlocker --> MsiExec.exe /I{310F26F3-C769-48E5-BD0D-53D4366C34CD}
RPS Privacy Manager --> MsiExec.exe /I{AC82BF06-223B-42AA-A89F-2D3BCD247366}
RPS RpsCore --> MsiExec.exe /I{295F5142-A223-4164-9A6D-6683C08409FC}
RPS Security Cleanup --> MsiExec.exe /I{58A2663B-56DC-488F-8E29-D44C6DE053B5}
RPS Zip --> MsiExec.exe /I{4AA73DA8-8D69-44ED-B5D7-CB815C81F83E}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD-VR --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{897CA0D9-948F-4E5B-A20E-535E1060D3E6} /l1033
Sonic MyDVD Deluxe --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9FC3677-D5CD-4169-B78A-297D541EEB36}\Setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stamps.com --> "C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8}\stamps.exe" REMOVE=TRUE MODIFY=FALSE
Stamps.com support for Corel WordPerfect 8 --> "C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20}\CWP8PIMstmp.exe" REMOVE=TRUE MODIFY=FALSE
Updates from HP --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VGA USB Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DDF840B-A50A-491E-BF44-6D6964C451A8}\Setup.exe" -l0x9
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2433 / Error
Event Submitted/Written: 12/01/2007 03:28:44 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 191283752.

Event Record #/Type2432 / Error
Event Submitted/Written: 12/01/2007 03:28:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application RNArcade.exe, version 1.2.0.1256, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2409 / Error
Event Submitted/Written: 11/30/2007 06:02:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2373 / Warning
Event Submitted/Written: 11/30/2007 05:01:21 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2370 / Error
Event Submitted/Written: 11/29/2007 07:11:37 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 90544754.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15081 / Error
Event Submitted/Written: 12/03/2007 01:15:49 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type15067 / Error
Event Submitted/Written: 12/02/2007 08:42:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type15036 / Error
Event Submitted/Written: 12/02/2007 07:14:05 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3

Event Record #/Type15013 / Error
Event Submitted/Written: 12/02/2007 11:14:53 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.

Event Record #/Type15001 / Error
Event Submitted/Written: 12/02/2007 11:12:13 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Viewpoint Manager Service service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2007-12-03 01:39:37 ------------
rvbeaumont
Well, I think that is all you need.
Yourhighness
Hey rvbeaumont,

Step #1

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step #2
  1. Open Notepad and copy/paste the text in the code box below into it:

    CODE
    File::
    C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat

    Folder::
    C:\WINDOWS\SDFIX

  2. Save this as CFScript.txt


  3. Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  4. When finished, it will produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Step #3
  1. Download Dr.Web CureIt to the desktop: drweb-cureit.exe
     Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  2. Double-click the drweb-cureit.exe file and allow it to run the express scan.
  3. This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  4. Once the short scan has finished, click Options > Change settings.
  5. Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  6. Back at the main window, mark the drives that you want to scan.
  7. Select all drives. A red dot shows which drives have been chosen.
  8. Click the green arrow at the right, and the scan will start.
  9. Click "Yes to all" if it asks if you want to cure/move the file.
  10. When the scan has finished, see if you can click the icon next to the files found:
  11. If so, click it, then click the next icon right below and select "Move incurable", as you'll see in the next image:
  12. This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  13. After selecting, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
  14. Save the report to your desktop. The report will be called DrWeb.csv; I need that log later.
  15. Close Dr.Web CureIt.
  16. Reboot your computer! Files in use may be moved/deleted during the reboot.
Step #4

Please post back with a fresh HijackThis log, the ComboFix log, and the DrWeb.csv log. Thanks
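As an added illustration (not part of this thread, of Deckard's System Scanner or of ComboFix), the Python script below does the first pass a helper does by hand on a DSS log like the one posted above: it reads the Security Center block, the Add/Remove Programs list and the System Event Log, and flags the disabled Windows Firewall, per-program firewall exceptions, watch-listed programs, and services whose Service Control Manager 7000 event ends in %%3 (Win32 error 3, ERROR_PATH_NOT_FOUND, meaning the service registration outlived its binary, which is what the repeated Viewpoint Manager Service errors in the log are). The watch list is this example's own assumption, and the embedded sample is a constructed excerpt of lines taken from the log in this thread.

```python
"""Triage helper for a Deckard's System Scanner (DSS) text log.

Added example for this thread; not part of DSS, ComboFix or the helper's
reply. It extracts what a helper reads first: Security Center status,
per-program firewall exceptions, installed programs on a watch list, and
SCM 7000 events ending in "%%3" (Win32 error 3, ERROR_PATH_NOT_FOUND:
the service is still registered but its binary is gone).
"""
import re
from dataclasses import dataclass, field

# Watch list is this example's assumption: Viewpoint is the program the
# reply above calls foistware; LimeWire is a P2P client helpers ask about.
WATCH_LIST = ("viewpoint", "limewire")

SECTION_RE = re.compile(r"^-- (.+?) -{3,}")
REG_VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')
PROGRAM_RE = re.compile(r"^(?P<name>.+?) -->")
SVC_FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error:$")


@dataclass
class Triage:
    firewall_disabled: bool = False
    auto_update: str = ""
    fw_exceptions: list = field(default_factory=list)
    watched_programs: list = field(default_factory=list)
    orphaned_services: list = field(default_factory=list)


def triage_dss_log(text):
    """Walk the log once, keyed on the '-- Section ----' headers DSS emits."""
    t = Triage()
    section = None
    pending = None  # service named by a 7000 event whose error code comes next
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, pending = m.group(1).strip(), None
            continue
        if section == "Security Center":
            if line == "Windows Internal Firewall is disabled.":
                t.firewall_disabled = True
            elif line.startswith("AUOptions is "):
                t.auto_update = line[len("AUOptions is "):].rstrip(".")
            else:
                m = REG_VALUE_RE.match(line)
                if m:
                    # Value is path:scope:Enabled|Disabled:name and the path
                    # itself contains "C:", so split from the right.
                    parts = m.group("value").rsplit(":", 3)
                    if len(parts) == 4 and parts[2] == "Enabled":
                        t.fw_exceptions.append(parts[0].replace("\\\\", "\\"))
        elif section == "Add/Remove Programs":
            m = PROGRAM_RE.match(line)
            if m and any(w in m.group("name").lower() for w in WATCH_LIST):
                t.watched_programs.append(m.group("name"))
        elif section == "System Event Log":
            m = SVC_FAIL_RE.match(line)
            if m:
                pending = m.group("svc")
            elif pending and line == "%%3":
                if pending not in t.orphaned_services:
                    t.orphaned_services.append(pending)
                pending = None
            elif line.startswith("Event Record"):
                pending = None
    return t


def report_lines(t):
    """One finding per line, in the order a helper would act on them."""
    out = [f"Orphaned service (binary missing, registration left behind): {s}" for s in t.orphaned_services]
    out += [f"Watch-list program installed: {n}" for n in t.watched_programs]
    out += [f"Firewall exception: {p}" for p in t.fw_exceptions]
    if t.firewall_disabled:
        out.append("Windows Firewall is disabled; confirm the third-party firewall is actually running")
    if t.auto_update:
        out.append(f"Automatic Updates: {t.auto_update}")
    return out


# Constructed sample: lines excerpted verbatim from the DSS log posted above.
SAMPLE_LOG = r"""
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
-- Add/Remove Programs ---------------------------------------------------------
IncrediMail Xe --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
-- System Event Log ------------------------------------------------------------
Event ID/Source: 7000 / Service Control Manager
The Viewpoint Manager Service service failed to start due to the following error:
%%3
Event ID/Source: 10010 / DCOM
The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
"""

if __name__ == "__main__":
    print("\n".join(report_lines(triage_dss_log(SAMPLE_LOG))))
```

Save it as dss_triage.py and run it to see the findings for the embedded sample; for a real log, read the file's contents into triage_dss_log instead of SAMPLE_LOG. The %%3 finding is the reason to remove Viewpoint through Add or Remove Programs (Step #1) rather than by deleting files alone: a service entry left behind after its binary is gone keeps failing at every boot.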