Internet Explorer Acting Very Weird - Won't Allow Update - Very Slow To Load
Brandon Lubbert
I have been working on a friend's computer off and on for several days now. I think I got most of his problems fixed but can't seem to get this part fixed. I have run Spybot over and over and have finally fixed all the issues that it found. However, I still can't fix this one.

He was infected with virtumonde.dll.

Whenever Internet Explorer runs it takes forever to go to a particular site. It will sometimes go to a variety of popup windows. It will sometimes say page cannot be found.

Whenever I try to go to Microsoft Update, I either don't get there, or I get there with another pop-up. It will not let me under any circumstances go to the update site though.

Internet Explorer and Firefox seem to be affected. Safari runs absolutely perfectly.

I have deleted all the temporary files that I know where to delete.

I have run a Spybot Search and Destroy which is now clean.

I have run a full McAfee scan which was completely clean.

I have run a full Ad-Aware scan that was completely clean.

I even uninstalled IE7 and went back to 6. Same problems.

I tried to run Kaspersky Online Scanner, but the popup window that it uses to check for the version of Java went to very strange places: Registryfix.com, an online game purchase, and other places. So I was not able to run it. It would not recognize that I had the correct version of Java.

I am just out of answers, and don't know where to go next.

Thanks so much for your help ahead of time.

Brandon


Here are the logs:

Main.txt

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-29 13:14:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-06-29 17:14:26 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-06-29 15:11:04 UTC - RP5 - Installed Ad-Aware
4: 2008-06-29 13:23:29 UTC - RP4 - System Checkpoint
3: 2008-06-28 12:26:38 UTC - RP3 - System Checkpoint
2: 2008-06-27 12:01:06 UTC - RP2 - System Checkpoint


-- First Restore Point --
1: 2008-06-26 11:50:45 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:20 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mcafee.com/root/campaign.asp?cid=25642
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BCDD095-1617-4E1E-9951-9283597C9594} - (no file)
O2 - BHO: (no name) - {2283B6DA-EFE4-4D6D-AA35-D86575E9D70B} - (no file)
O2 - BHO: (no name) - {24726148-F342-4CB0-9B10-F3A5C6DD3C8D} - (no file)
O2 - BHO: (no name) - {41087C7C-0772-4E25-ADDD-7A92DA5867D0} - (no file)
O2 - BHO: (no name) - {425C2FDF-C8FD-485A-9448-DAD95D426187} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FC0832B-1DAB-46F0-995B-C1912E17BB60} - (no file)
O2 - BHO: (no name) - {68D88A27-8FCB-4A65-8B25-687D6A143AED} - (no file)
O2 - BHO: (no name) - {6D73F205-96D3-4674-9C2C-A078891E1DBA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {84FEBFF8-945B-4F9A-B9B8-B68EC5020770} - C:\WINDOWS\system32\opnlMcyV.dll
O2 - BHO: (no name) - {8E6672C9-14F9-4302-8433-0B44032726D9} - (no file)
O2 - BHO: (no name) - {94925781-674D-4A57-9C1A-D92B7CEED5C2} - (no file)
O2 - BHO: (no name) - {9F154E76-3D08-4FE9-87CF-AAAE82DD42BF} - (no file)
O2 - BHO: (no name) - {A4DD7839-79B1-4788-BE23-2658A4D0C60E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar12.dll
O2 - BHO: (no name) - {AEE80ED6-48E9-4992-BA12-12B5397FF850} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C08EB853-3FB5-437F-98DE-B6F4551D02B9} - (no file)
O2 - BHO: (no name) - {D261E0A4-E830-4598-811F-A760EDFC3198} - C:\WINDOWS\system32\awtustUo.dll
O2 - BHO: {f9b92241-e77d-5bc9-ed24-b024feb6092f} - {f2906bef-420b-42de-9cb5-d77e14229b9f} - (no file)
O2 - BHO: (no name) - {F87510E4-4351-4B7C-823A-F86B7CE6CA0D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar12.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KPDrv4XP] C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM8b882bb1] Rundll32.exe "C:\WINDOWS\system32\uvpycoqv.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\7BQ66IMX\HCTP_1~1.SH! C:\DOCUME~1\Owner\Cookies\OW3E75~1.SH! C:\DOCUME~1\Owner\Cookies\OW99DC~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A71~1.SH! C:\DOCUME~1\Owner\Cookies\OW89D2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\DW_PAS~1.SH! C:\DOCUME~1\Owner\Cookies\OWC390~1.SH! C:\DOCUME~1\Owner\Cookies\OW42B7~1.SH! C:\DOCUME~1\Owner\Cookies\OWF015~1.SH! C:\DOCUME~1\Owner\Cookies\OW189C~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A6B~1.SH! C:\DOCUME~1\Owner\Cookies\OW0692~1.SH!
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...307/mcfscan.cab
O20 - Winlogon Notify: opnlMcyV - C:\WINDOWS\SYSTEM32\opnlMcyV.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 13747 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080629-110336-192 O4 - HKLM\..\Run: [88bb182d] rundll32.exe "C:\WINDOWS\system32\nhijpshy.dll",b
backup-20080629-110336-636 O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
backup-20080629-110336-856 O4 - HKLM\..\Run: [BM8b882bb1] Rundll32.exe "C:\WINDOWS\system32\uvpycoqv.dll",s
backup-20080629-110337-108 O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
backup-20080629-110337-169 O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
backup-20080629-110338-460 O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
backup-20080629-110338-846 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
backup-20080629-110338-887 O16 - DPF: Yahoo! Games Voice Chat - http://presence.games.yahoo.com/yog/y/va1_x.cab
backup-20080629-110339-470 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
backup-20080629-110339-645 O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} -
backup-20080629-110339-960 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
backup-20080629-110340-525 O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
backup-20080629-110340-668 O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
backup-20080629-110341-427 O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
backup-20080629-110341-853 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 HIDKbFlt (HIDKbFlt.SvcDesc%) - c:\windows\system32\drivers\hidkbflt.sys <Not Verified; Dritek System Inc.; Dritek USB Keyboard HID Filter Driver>
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-29 12:53:08 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-06-27 07:21:06 372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-06-16 11:42:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-06-15 01:19:11 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-01 01:00:01 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 11:11:12 0 d-------- C:\Program Files\Lavasoft
2008-06-29 11:11:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-29 11:09:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 01:19:04 0 d-------- C:\Program Files\Trend Micro
2008-06-29 00:43:41 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-29 00:42:30 0 d-------- C:\Program Files\CCleaner
2008-06-29 00:34:25 92032 --a------ C:\WINDOWS\system32\nhijpshy.dll
2008-06-27 07:20:39 0 d-------- C:\Program Files\RegCure
2008-06-27 05:38:33 0 d-------- C:\Program Files\RegistryFix6
2008-06-26 07:55:03 91520 --a------ C:\WINDOWS\system32\ahxpkqbk.dll
2008-06-26 07:54:16 243244 --ahs---- C:\WINDOWS\system32\oUtsutwa.ini2
2008-06-26 07:54:10 321920 --a------ C:\WINDOWS\system32\awtustUo.dll
2008-06-25 17:45:59 242734 --ahs---- C:\WINDOWS\system32\KSututwa.ini2
2008-06-25 00:49:35 0 d-------- C:\VundoFix Backups
2008-06-25 00:05:20 224318 --ahs---- C:\WINDOWS\system32\TBKjlUvw.ini2
2008-06-24 15:42:42 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-06-24 09:08:23 92032 --a------ C:\WINDOWS\system32\eyucnejd.dll
2008-06-22 22:26:36 232711 --ahs---- C:\WINDOWS\system32\xyHRtvut.ini2
2008-06-22 14:55:20 230448 --ahs---- C:\WINDOWS\system32\dLopAcdd.ini2
2008-06-20 23:27:13 92416 --a------ C:\WINDOWS\system32\hhwmdyvo.dll
2008-06-20 23:25:22 227005 --ahs---- C:\WINDOWS\system32\NTBbKkkj.ini2
2008-06-20 22:16:20 345 --ahs---- C:\WINDOWS\system32\dMlSAcdd.ini2
2008-06-20 00:08:53 229600 --ahs---- C:\WINDOWS\system32\DLoXxyxx.ini2
2008-06-19 22:45:53 230400 --ahs---- C:\WINDOWS\system32\qWabcccf.ini2
2008-06-19 19:11:03 226230 --ahs---- C:\WINDOWS\system32\PVFfgMoq.ini2
2008-06-19 18:08:39 226623 --ahs---- C:\WINDOWS\system32\BcdeLRqr.ini2
2008-06-19 16:01:26 229866 --ahs---- C:\WINDOWS\system32\tCddefii.ini2
2008-06-19 13:49:01 91392 --a------ C:\WINDOWS\system32\dooweinp.dll
2008-06-19 09:43:57 725 --ahs---- C:\WINDOWS\system32\jjQpqtwa.ini2
2008-06-18 22:09:13 236226 --ahs---- C:\WINDOWS\system32\VCfMlnpo.ini2
2008-06-18 20:32:24 345 --ahs---- C:\WINDOWS\system32\KQsuutwa.ini2
2008-06-18 17:02:28 239057 --ahs---- C:\WINDOWS\system32\jRCJRXbc.ini2
2008-06-18 13:15:25 236533 --ahs---- C:\WINDOWS\system32\TvuvDcdd.ini2
2008-06-17 21:01:03 95360 -----n--- C:\WINDOWS\system32\uvpycoqv.dll
2008-06-17 20:59:55 681947 --ahs---- C:\WINDOWS\system32\YceLmnmp.ini2
2008-06-17 13:16:48 237564 --ahs---- C:\WINDOWS\system32\SBLkRXyb.ini2
2008-06-16 21:53:02 344 --ahs---- C:\WINDOWS\system32\WFhOrtwa.ini2
2008-06-16 20:30:48 240390 --ahs---- C:\WINDOWS\system32\lTtDJkkj.ini2
2008-06-16 19:24:57 344 --ahs---- C:\WINDOWS\system32\srstsBeg.ini2
2008-06-16 16:54:42 344 --ahs---- C:\WINDOWS\system32\TsutDcdd.ini2
2008-06-16 11:41:32 239533 --ahs---- C:\WINDOWS\system32\TDKRBJlm.ini2
2008-06-15 17:25:17 239668 --ahs---- C:\WINDOWS\system32\VFOnmnmp.ini2
2008-06-14 22:51:33 248287 --ahs---- C:\WINDOWS\system32\egihNUvw.ini2
2008-06-13 22:06:25 240403 --ahs---- C:\WINDOWS\system32\gMWEOqss.ini2
2008-06-13 00:11:00 274132 --ahs---- C:\WINDOWS\system32\yycddJlm.ini2
2008-06-12 18:43:04 279382 --ahs---- C:\WINDOWS\system32\WaIPstwa.ini2
2008-06-12 17:07:38 276925 --ahs---- C:\WINDOWS\system32\RBaHRqss.ini2
2008-06-11 16:06:19 344 --ahs---- C:\WINDOWS\system32\PopsBccf.ini2
2008-06-11 13:49:54 373424 --ahs---- C:\WINDOWS\system32\cMStDJjl.ini2
2008-06-11 11:31:40 378852 --ahs---- C:\WINDOWS\system32\jkkkTvut.ini2
2008-06-11 06:30:34 376485 --ahs---- C:\WINDOWS\system32\oXGQstwa.ini2
2008-06-10 21:12:54 344 --ahs---- C:\WINDOWS\system32\DKTENnmp.ini2
2008-06-10 19:40:57 381358 --ahs---- C:\WINDOWS\system32\llRCdJlm.ini2
2008-06-10 18:40:37 344 --ahs---- C:\WINDOWS\system32\HgOWaJlm.ini2
2008-06-10 15:23:42 344 --ahs---- C:\WINDOWS\system32\ilkSvyay.ini2
2008-06-10 12:15:42 344 --ahs---- C:\WINDOWS\system32\EKnWyGgh.ini2
2008-06-09 22:35:40 384485 --ahs---- C:\WINDOWS\system32\qBLSBcdd.ini2
2008-06-09 19:49:12 344 --ahs---- C:\WINDOWS\system32\XGjTBJlm.ini2
2008-06-06 21:05:10 378681 --ahs---- C:\WINDOWS\system32\TCfLoUvw.ini2
2008-06-06 16:49:08 382707 --ahs---- C:\WINDOWS\system32\wDcLnUtv.ini2
2008-06-06 11:05:22 374190 --ahs---- C:\WINDOWS\system32\mSBbcMoq.ini2
2008-06-06 06:47:07 371332 --ahs---- C:\WINDOWS\system32\tEKSvyay.ini2
2008-06-05 16:53:47 374836 --ahs---- C:\WINDOWS\system32\NnTtDfhk.ini2
2008-06-04 15:37:53 344 --ahs---- C:\WINDOWS\system32\lVGQrtwa.ini2
2008-06-04 12:20:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-06-04 11:47:32 387221 --ahs---- C:\WINDOWS\system32\qpVEdMoq.ini2
2008-06-02 18:29:01 380379 --ahs---- C:\WINDOWS\system32\tBJTBcdd.ini2
2008-06-02 13:30:43 0 d-------- C:\WINDOWS\McAfee.com
2008-06-01 19:54:20 580102 --ahs---- C:\WINDOWS\system32\LlVDffii.ini2
2008-06-01 18:47:51 87151 --a------ C:\WINDOWS\system32\iifDWMFY.dll
2008-06-01 15:59:39 581610 --ahs---- C:\WINDOWS\system32\tAHRCcdd.ini2
2008-05-31 14:16:27 577723 --ahs---- C:\WINDOWS\system32\RtvyGfhk.ini2
2008-05-29 19:07:21 583683 --ahs---- C:\WINDOWS\system32\UCMWHkkj.ini2
2008-05-29 17:07:35 573058 --ahs---- C:\WINDOWS\system32\ggiSYJjl.ini2
2008-05-29 15:17:20 579248 --ahs---- C:\WINDOWS\system32\gjlVxyxx.ini2
2008-05-29 13:52:52 588919 --ahs---- C:\WINDOWS\system32\GNXxyyay.ini2


-- Find3M Report ---------------------------------------------------------------

2008-06-29 11:09:58 0 d-------- C:\Program Files\Common Files
2008-06-26 21:54:45 0 d-------- C:\Program Files\bfgtoolbar
2008-06-25 23:12:03 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-06-25 23:11:44 0 d-------- C:\Program Files\Yahoo!
2008-06-23 15:02:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-06-22 22:28:40 0 d-------- C:\Documents and Settings\Owner\Application Data\ComcastToolbar
2008-06-22 18:59:42 0 d-------- C:\Program Files\TrueSwitchComcast
2008-06-22 18:59:11 0 d-------- C:\Documents and Settings\Owner\Application Data\TrueSwitch
2008-06-22 14:48:13 239192 --ahs---- C:\WINDOWS\system32\bIQrCfhk.ini2
2008-06-20 20:17:23 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-09 14:21:55 854 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-07 02:41:02 0 d-------- C:\Program Files\The Weather Channel FW
2008-06-04 12:41:54 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-06-02 18:26:31 0 d-------- C:\Program Files\ComcastToolbar
2008-06-02 08:46:22 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-29 06:36:39 584438 --ahs---- C:\WINDOWS\system32\YGOoqtwa.ini2
2008-05-29 06:36:12 584438 --ahs---- C:\WINDOWS\system32\NmWFOqss.ini2
2008-05-28 20:44:04 584862 --ahs---- C:\WINDOWS\system32\lnUwDJlm.ini2
2008-05-28 15:27:23 755 --ahs---- C:\WINDOWS\system32\bdfLoUvw.ini2
2008-05-27 20:41:55 344 --ahs---- C:\WINDOWS\system32\BccLRXbc.ini2
2008-05-27 15:24:59 607211 --ahs---- C:\WINDOWS\system32\HRCcLRqr.ini2
2008-05-24 20:44:50 344 --ahs---- C:\WINDOWS\system32\gjlknUtv.ini2
2008-05-23 13:10:40 696501 --ahs---- C:\WINDOWS\system32\mnpWFfhk.ini2
2008-05-23 12:44:02 90624 --a------ C:\WINDOWS\system32\gvempuxx.dll
2008-05-23 00:39:54 786136 --ahs---- C:\WINDOWS\system32\nmmmlRqr.ini2
2008-05-22 12:59:27 781825 --ahs---- C:\WINDOWS\system32\OWDNmnmp.ini2
2008-05-22 11:19:33 786321 --ahs---- C:\WINDOWS\system32\fNmnVyxx.ini2
2008-05-21 20:53:29 784501 --ahs---- C:\WINDOWS\system32\jSAJlnpo.ini2
2008-05-21 19:31:53 90112 --a------ C:\WINDOWS\system32\aquaugxp.dll
2008-05-21 19:11:17 90112 --a------ C:\WINDOWS\system32\rcgrvyjg.dll
2008-05-20 22:52:41 779454 --ahs---- C:\WINDOWS\system32\ijSsDJlm.ini2
2008-05-20 15:28:54 778010 --ahs---- C:\WINDOWS\system32\iPYceMoq.ini2
2008-05-20 14:15:47 344 --ahs---- C:\WINDOWS\system32\PYIOUvut.ini2
2008-05-18 16:18:17 1240133 --ahs---- C:\WINDOWS\system32\PoWFPXyb.ini2
2008-05-18 16:16:19 319808 --a------ C:\WINDOWS\system32\vtUlIxww.dll
2008-05-18 13:56:21 1238156 --ahs---- C:\WINDOWS\system32\xaaKkUvw.ini2
2008-05-16 14:35:06 1240052 --ahs---- C:\WINDOWS\system32\IhOqAcdd.ini2
2008-05-15 16:18:26 1223745 --ahs---- C:\WINDOWS\system32\mloWyGgh.ini2
2008-05-15 15:08:17 1224207 --ahs---- C:\WINDOWS\system32\CbLVwGgh.ini2
2008-05-15 12:49:49 1109768 --ahs---- C:\WINDOWS\system32\yycccccf.ini2
2008-05-15 10:32:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Intuit
2008-05-14 15:27:45 1068876 --ahs---- C:\WINDOWS\system32\aKRYcfii.ini2
2008-05-14 15:24:53 344 --ahs---- C:\WINDOWS\system32\uvGOonnn.ini2
2008-05-13 15:06:07 949922 --ahs---- C:\WINDOWS\system32\SDNUCJlm.ini2
2008-05-13 06:21:55 948912 --ahs---- C:\WINDOWS\system32\JQsYcccf.ini2
2008-05-13 06:21:00 957753 --ahs---- C:\WINDOWS\system32\AGfgNXyb.ini2
2008-05-12 17:51:43 948842 --ahs---- C:\WINDOWS\system32\NmVvyyxx.ini2
2008-05-12 16:47:55 946121 --ahs---- C:\WINDOWS\system32\YbJQYcfe.ini2
2008-05-11 13:42:34 940502 --ahs---- C:\WINDOWS\system32\vwxHRqru.ini2
2008-05-11 13:41:26 91776 --a------ C:\WINDOWS\system32\ypedwyho.dll
2008-05-11 12:17:31 91776 --a------ C:\WINDOWS\system32\tehewcxh.dll
2008-05-11 08:58:32 939882 --ahs---- C:\WINDOWS\system32\RBeOnnnn.ini2
2008-05-11 00:29:03 938193 --ahs---- C:\WINDOWS\system32\deKjQqss.ini2
2008-05-10 22:46:19 7226 --ahs---- C:\WINDOWS\system32\nmlkQXbc.ini2
2008-05-10 03:27:03 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-10 03:26:48 29824 --a------ C:\WINDOWS\system32\opnlMcyV.dll
2008-05-07 12:00:53 0 d-------- C:\Program Files\Safari
2008-04-18 17:53:43 1080 --a------ C:\WINDOWS\AUTOLNCH.REG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1BCDD095-1617-4E1E-9951-9283597C9594}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2283B6DA-EFE4-4D6D-AA35-D86575E9D70B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24726148-F342-4CB0-9B10-F3A5C6DD3C8D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41087C7C-0772-4E25-ADDD-7A92DA5867D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{425C2FDF-C8FD-485A-9448-DAD95D426187}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FC0832B-1DAB-46F0-995B-C1912E17BB60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68D88A27-8FCB-4A65-8B25-687D6A143AED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D73F205-96D3-4674-9C2C-A078891E1DBA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}]
05/10/2008 03:26 AM 29824 --a------ C:\WINDOWS\system32\opnlMcyV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E6672C9-14F9-4302-8433-0B44032726D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94925781-674D-4A57-9C1A-D92B7CEED5C2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F154E76-3D08-4FE9-87CF-AAAE82DD42BF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A4DD7839-79B1-4788-BE23-2658A4D0C60E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AEE80ED6-48E9-4992-BA12-12B5397FF850}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C08EB853-3FB5-437F-98DE-B6F4551D02B9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D261E0A4-E830-4598-811F-A760EDFC3198}]
06/26/2008 07:54 AM 321920 --a------ C:\WINDOWS\system32\awtustUo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2906bef-420b-42de-9cb5-d77e14229b9f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F87510E4-4351-4B7C-823A-F86B7CE6CA0D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/21/2006 09:29 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 03:00 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 06:04 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 11:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"ShowWnd"="ShowWnd.exe" [09/19/2003 12:09 PM C:\WINDOWS\ShowWnd.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 11:24 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 PM]
"KPDrv4XP"="C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE" [02/21/2005 07:15 AM]
"KEMailKb"="C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE" [08/09/2005 04:27 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [12/11/2001 08:33 PM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 02:21 PM]
"CHotkey"="zHotkey.exe" [05/17/2004 09:30 PM C:\WINDOWS\zHotkey.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/18/2005 12:05 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"BM8b882bb1"="C:\WINDOWS\system32\uvpycoqv.dll" [06/17/2008 09:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"Yahoo! Pager"="1" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2007 05:41 PM]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\7BQ66IMX\HCTP_1~1.SH! C:\DOCUME~1\Owner\Cookies\OW3E75~1.SH! C:\DOCUME~1\Owner\Cookies\OW99DC~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A71~1.SH! C:\DOCUME~1\Owner\Cookies\OW89D2~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\APP_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\NO_CON~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DC_1_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\CHLRT665\DW_PAS~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\INDEX_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VVK0J4DX\DW_PAS~1.SH! C:\DOCUME~1\Owner\Cookies\OWC390~1.SH! C:\DOCUME~1\Owner\Cookies\OW42B7~1.SH! C:\DOCUME~1\Owner\Cookies\OWF015~1.SH! C:\DOCUME~1\Owner\Cookies\OW189C~1.SH! C:\DOCUME~1\Owner\Cookies\OW4A6B~1.SH! C:\DOCUME~1\Owner\Cookies\OW0692~1.SH! C:\DOCUME~1\Owner\Cookies\OWB925~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VPAKN8MX\KB4564~4.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\T8RAEQ4U\USER_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\VPAKN8MX\PRINT_~3.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DXRZZHQF\363265~2.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\TM6RA4XD\A_DS_P~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\T8RAEQ4U\INDEX_~2.SH!

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2/11/2008 8:54:23 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84FEBFF8-945B-4F9A-B9B8-B68EC5020770}"= C:\WINDOWS\system32\opnlMcyV.dll [05/10/2008 03:26 AM 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlMcyV]
opnlMcyV.dll 05/10/2008 03:26 AM 29824 C:\WINDOWS\system32\opnlMcyV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtustUo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ff28851-c8be-11d9-aca4-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebe9b31-f8d8-11d9-a879-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8744 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-29 13:16:39 ------------




The extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 382.48 MiB / 83.63 MiB
Pagefile Memory (total/avail): 918.49 MiB / 465.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.42 MiB

C: is Fixed (NTFS) - 89.84 GiB total, 59.95 GiB free.
D: is Fixed (FAT32) - 3.3 GiB total, 1.13 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 89.84 GiB - C:
\PARTITION1 - Unknown - 3.31 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EMACHINES
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\EMACHINES
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=EMACHINES
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Shasta (admin)
Nikki (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\common\unwise.exe /S C:\PROGRA~1\Yahoo!\common\install.log
--> C:\PROGRA~1\Yahoo!\common\unybase.exe
--> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\yaddbook.dll
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ylogin.dll
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ymmapi.dll
--> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -l0x9 -uninst
Avery Wizard 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{6B10045E-6789-49C4-BFED-52575F5B76BF}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Dave Ramsey's Financial Peace Software --> "C:\Debt\Remove.exe" /U:"C:\Debt\Remove.log"
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar12.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 930c series (Remove only) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=930c -huninstall
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
Internet Keyboard Elite --> C:\WINDOWS\UnInst32.exe KEMailKb.UNI
iPodder 2.0.5p --> C:\Program Files\iPodder\uninst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JumpStart Typing --> C:\WINDOWS\IsUninst.exe -fC:\KA\JSTYPING\DeIsL1.isu
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D695F627-7F16-429A-ACE7-57C535AC6ECB}\setup.exe" -l0x9
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
QuickTime for Windows (32-bit) --> C:\WINDOWS\QTW32DEL.EXE
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Recovery Software Suite eMachines --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
RegCure 1.5.0.1 --> C:\Program Files\RegCure\uninst.exe
RegistryFix v6.4 --> "C:\Program Files\RegistryFix6\unins000.exe"
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A301896D-9F55-4492-B518-30EAC4C723E1}\setup.exe" -l0x9
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Travelaxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F0815A1-ABA6-41A6-8790-2A7198AA8ECD}\setup.exe"
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type5615 / Warning
Event Submitted/Written: 06/27/2008 00:42:25 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type5601 / Error
Event Submitted/Written: 06/26/2008 08:37:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5570 / Error
Event Submitted/Written: 06/25/2008 06:01:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.2.16, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5565 / Error
Event Submitted/Written: 06/25/2008 07:16:10 AM / 06/25/2008 07:16:11 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type5544 / Error
Event Submitted/Written: 06/25/2008 00:40:42 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application spybotsd.exe, version 1.5.2.20, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [spybotsd.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type51758 / Error
Event Submitted/Written: 06/29/2008 10:49:08 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type51741 / Error
Event Submitted/Written: 06/29/2008 10:41:09 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.0.6 for the Network Card with network address 0013D328234E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type51738 / Error
Event Submitted/Written: 06/29/2008 08:41:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type51727 / Error
Event Submitted/Written: 06/29/2008 01:15:47 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type51726 / Error
Event Submitted/Written: 06/29/2008 01:12:55 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-06-29 13:16:39 ------------


tg1911
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer.

Please note that it is important that Deckard's System Scanner be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log.

Please DO NOT post any more logs to this topic, or post a log again in the wrong forum.

The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.
The BC Staff
Brandon Lubbert
I am very sorry. It appears that I missed the instruction as to what forum to post in. I think you will find everything else though following the preparation guide. I printed the preparation guide off and was following this when making my post.

Should I post this exact message in a new post, as it should have all the ingredients in your instructions?

Thanks so much for your help!

Brandon
Orange Blossom
Please create a new topic in the proper forum. Given that you have, excepting for posting location, followed all the directions, using the same content will work. You can copy and paste it if you wish.

Orange Blossom
Brandon Lubbert
I have reposted in the HijackThis Logs and Malware Removal forum.

Here is the link:

http://www.bleepingcomputer.com/forums/topic155220.html

Brandon Lubbert
Orange Blossom
Hello Brandon,

Thank you for posting back with the link.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

The BC Staff