Trojans Galore! Please help!

D

dfrancis011

New member
I have been infected for a couple of months now with several Trojans and I'm getting desperate for help. I have all sorts of IE windows opening up that I can only close using Task Manager. I have some sort of .dll file that tries to open on start up that I have determined is part of a virus. Please show me the ways of the great malware removal gods. THANK YOU!

My HJT scan follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:55 PM, on 2/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v37b.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a305610-95f8-42ed-b918-4f24eb4df90f} - C:\WINDOWS\system32\pipiwuhi.dll
O2 - BHO: (no name) - {238ADBCD-4486-4645-B710-81CFE7621034} - (no file)
O2 - BHO: (no name) - {263ab450-2efe-4cc9-ac1f-973f179ecae8} - (no file)
O2 - BHO: (no name) - {36B819E9-EFB1-4A0E-83BC-0329A108FCF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - C:\WINDOWS\system32\alidtvbs.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\ukujkpr.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dibodedohu] Rundll32.exe "C:\WINDOWS\system32\miwajiho.dll",s
O4 - HKLM\..\Run: [CPM27577897] Rundll32.exe "c:\windows\system32\bodibuna.dll",a
O4 - HKLM\..\Run: [24644b0b] rundll32.exe "C:\WINDOWS\system32\fidavine.dll",b
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [dsapgmbj] c:\documents and settings\don\local settings\application data\dsapgmbj.exe dsapgmbj
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKUS\S-1-5-19\..\Run: [dibodedohu] Rundll32.exe "C:\WINDOWS\system32\miwajiho.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dibodedohu] Rundll32.exe "C:\WINDOWS\system32\miwajiho.dll",s (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.10/WinSSWebAgent.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O20 - AppInit_DLLs: qxlhmd.dll vkwzzb.dll vdqnqz.dll gorjrj.dll wlhsgb.dll nyerhp.dll orrasm.dll jqfivg.dll C:\WINDOWS\system32\meridewa.dll ufcnhk.dll c:\windows\system32\bodibuna.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodibuna.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bodibuna.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10460 bytes
 
Hi dfrancis011

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
Thanks Shaba!

I am posting the requested logs below and thanks for your help!

ComboFix 09-02-08.02 - Don 2009-02-10 1:41:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.605 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
AV: Windows Live OneCare Antivirus *On-access scanning enabled* (Outdated)
FW: Windows Live OneCare Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Don\Local Settings\Application Data\twtxuozyt.dat
c:\documents and settings\Don\Local Settings\Application Data\twtxuozyt.exe
c:\documents and settings\Don\Local Settings\Application Data\twtxuozyt_navps.dat
c:\windows\system32\afodupub.ini
c:\windows\system32\akvmekhn.dll
c:\windows\system32\akxvojok.ini
c:\windows\system32\alidtvbs.dll
c:\windows\system32\anisebal.ini
c:\windows\system32\arwhubkm.dll
c:\windows\system32\bhvorcvn.dll
c:\windows\system32\bkphdswf.ini
c:\windows\system32\bodibuna.dll
c:\windows\system32\byevupih.ini
c:\windows\system32\ccmiqdho.dll
c:\windows\system32\cghahkmp.ini
c:\windows\system32\crqcpmfy.dll
c:\windows\system32\cvpoolgl.ini
c:\windows\system32\daharubo.dll.tmp
c:\windows\system32\dddsjptv.dll
c:\windows\system32\ddvydluv.dll
c:\windows\system32\desoyahi.dll
c:\windows\system32\dskwetqw.dll
c:\windows\system32\dunuwopo.dll
c:\windows\system32\dwohsots.dll
c:\windows\system32\dxbjfjtq.ini
c:\windows\system32\egdups.dll
c:\windows\system32\egimanub.ini
c:\windows\system32\egukoubj.dll
c:\windows\system32\enivadif.ini
c:\windows\system32\fakuhazu.dll
c:\windows\system32\feyajute.dll
c:\windows\system32\fftyjrce.dll
c:\windows\system32\firowazo.dll
c:\windows\system32\fojawuka.dll.tmp
c:\windows\system32\foxubwos.dll
c:\windows\system32\ftxxtxxm.dll
c:\windows\system32\fubaneko.dll.tmp
c:\windows\system32\fwsdhpkb.dll
c:\windows\system32\fymhcpub.ini
c:\windows\system32\ghbvsldh.dll
c:\windows\system32\gorjrj.dll
c:\windows\system32\gukprmyv.ini
c:\windows\system32\gwvdlvsx.dll
c:\windows\system32\hamohive.dll
c:\windows\system32\hbevgsfg.dll
c:\windows\system32\hdlsvbhg.ini
c:\windows\system32\hflkvjqo.ini
c:\windows\system32\hheejckj.ini
c:\windows\system32\hipuveyb.dll
c:\windows\system32\hxoshxgs.dll
c:\windows\system32\igjyjg.dll
c:\windows\system32\iiridvgo.ini
c:\windows\system32\jcxugdjn.ini
c:\windows\system32\jderputy.dll
c:\windows\system32\jetsignj.ini
c:\windows\system32\jexweciu.dll
c:\windows\system32\jiledosa.dll.tmp
c:\windows\system32\jomtgmol.dll
c:\windows\system32\jqfivg.dll
c:\windows\system32\jqsiiayp.ini
c:\windows\system32\jvngivds.dll
c:\windows\system32\jxnrigbl.dll
c:\windows\system32\kewoboda.dll.tmp
c:\windows\system32\kizosewa.dll
c:\windows\system32\kphkpn.dll
c:\windows\system32\kqnnlr.dll
c:\windows\system32\krdnghyd.dll
c:\windows\system32\krtharvy.ini
c:\windows\system32\kubzrt.dll
c:\windows\system32\kvpqkvqd.dll
c:\windows\system32\lczcst.dll
c:\windows\system32\lgloopvc.dll
c:\windows\system32\lomgtmoj.ini
c:\windows\system32\lqaday.dll
c:\windows\system32\lrnghs.dll
c:\windows\system32\lrpcib.dll
c:\windows\system32\margltgh.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\meridewa.dll.tmp
c:\windows\system32\miwajiho.dll.tmp
c:\windows\system32\mkbuhwra.ini
c:\windows\system32\mlicpmdy.dll
c:\windows\system32\mqwgpdju.ini
c:\windows\system32\mslayefx.ini
c:\windows\system32\mxxtxxtf.ini
c:\windows\system32\nakonaze.dll
c:\windows\system32\nawobiti.dll.tmp
c:\windows\system32\nebpfdei.dll
c:\windows\system32\nhkemvka.ini
c:\windows\system32\nvcrovhb.ini
c:\windows\system32\nyerhp.dll
c:\windows\system32\ogvdirii.dll
c:\windows\system32\okzxns.dll
c:\windows\system32\olkphtiu.dll
c:\windows\system32\oroditfh.dll
c:\windows\system32\orrasm.dll
c:\windows\system32\ovnpiiyl.ini
c:\windows\system32\oxuxow.dll
c:\windows\system32\padktmau.dll
c:\windows\system32\pahiboji.dll
c:\windows\system32\pevkadcu.dll
c:\windows\system32\pipiwuhi.dll.tmp
c:\windows\system32\pjcxgcqw.ini
c:\windows\system32\pjwbkrxy.dll
c:\windows\system32\pmgouxjg.ini
c:\windows\system32\pmkhahgc.dll
c:\windows\system32\poaqsz.dll
c:\windows\system32\pojezija.dll.tmp
c:\windows\system32\pswklh.dll
c:\windows\system32\pyaiisqj.dll
c:\windows\system32\qasfvhgl.dll
c:\windows\system32\qtjfjbxd.dll
c:\windows\system32\qtjnss.dll
c:\windows\system32\rlhjwmkt.dll
c:\windows\system32\rmyhjesy.dll
c:\windows\system32\rntbbj.dll
c:\windows\system32\rokonuge.dll
c:\windows\system32\rqqvrllf.ini
c:\windows\system32\rsonqo.dll
c:\windows\system32\rvguzx.dll
c:\windows\system32\sdvignvj.ini
c:\windows\system32\sefswabr.dll
c:\windows\system32\septtupx.ini
c:\windows\system32\sgxhsoxh.ini
c:\windows\system32\sowbuxof.ini
c:\windows\system32\svgjolge.ini
c:\windows\system32\svpqcd.dll
c:\windows\system32\sxxmrfny.ini
c:\windows\system32\tigefeki.dll
c:\windows\system32\tkmwjhlr.ini
c:\windows\system32\UBbIkUvw.ini
c:\windows\system32\UBbIkUvw.ini2
c:\windows\system32\ufcnhk.dll
c:\windows\system32\ujndkedp.dll
c:\windows\system32\ulbbvvsn.dll
c:\windows\system32\unjdwsqy.ini
c:\windows\system32\usrwkofe.ini
c:\windows\system32\uvwcefbp.dll
c:\windows\system32\vdcovnpb.dll
c:\windows\system32\vdqnqz.dll
c:\windows\system32\vihlovlq.dll
c:\windows\system32\vkwzzb.dll
c:\windows\system32\vogujesi.dll.tmp
c:\windows\system32\vpaerrhe.dll
c:\windows\system32\vsulqsqm.ini
c:\windows\system32\vtpjsddd.ini
c:\windows\system32\vvfysank.ini
c:\windows\system32\vvqipe.dll
c:\windows\system32\vwpbevuk.dll
c:\windows\system32\vymrpkug.dll
c:\windows\system32\vyrhwx.dll
c:\windows\system32\wlhsgb.dll
c:\windows\system32\wlzyih.dll
c:\windows\system32\woeavmrg.ini
c:\windows\system32\wqtewksd.ini
c:\windows\system32\wvUkIbBU.dll
c:\windows\system32\xnrowp.dll
c:\windows\system32\xqoxxvar.ini
c:\windows\system32\xrkppdde.dll
c:\windows\system32\xsvldvwg.ini
c:\windows\system32\yaluvufa.dll.tmp
c:\windows\system32\ydthbjmq.ini
c:\windows\system32\yfurws.dll
c:\windows\system32\yfvsfidd.dll
c:\windows\system32\yiqsen.dll
c:\windows\system32\ynfrmxxs.dll
c:\windows\system32\ysejhymr.ini
c:\windows\system32\ytupredj.ini
c:\windows\system32\yuhodose.dll
c:\windows\system32\yvrahtrk.dll
c:\windows\system32\ywjogc.dll
c:\windows\system32\zavidegu.dll
c:\windows\system32\zibigihu.dll
c:\windows\system32\zlqkkn.dll
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 01:06 . 2009-02-10 01:06 2,919,117 -ra------ C:\ComboFix.exe
2009-02-08 12:21 . 2009-02-08 13:00 <DIR> d-------- C:\Sansa
2009-02-06 19:19 . 2009-02-06 19:19 <DIR> d-------- c:\program files\ERUNT
2009-02-05 10:49 . 2009-02-05 10:49 1,056 --a------ C:\Export
2009-02-03 23:13 . 2009-02-03 23:13 <DIR> d-------- c:\program files\The Weather Channel FW
2009-02-03 21:26 . 2009-02-03 21:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-03 21:23 . 2009-02-03 21:23 <DIR> d-------- c:\program files\Real
2009-02-03 19:12 . 2009-02-03 19:12 13,408 --a------ C:\2008_Federal_FAFSA.pdf
2009-02-03 00:51 . 2009-02-03 00:51 4,863 --a------ C:\Export (1).QIF
2009-02-03 00:50 . 2009-02-05 10:49 1,056 --a------ C:\Export.QIF
2009-02-03 00:45 . 2009-02-03 00:45 2,073 --a------ C:\Export.CSV
2009-02-02 23:43 . 2009-02-02 23:43 2,402,775 --a------ C:\mycheckbook-setup.exe
2009-01-31 13:12 . 2009-01-31 13:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 19:13 . 2009-01-28 19:13 <DIR> d-------- c:\program files\Opera
2009-01-15 14:31 . 2009-01-15 14:31 40,960 --a------ c:\windows\system32\jqgehrdy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 20:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-05 04:24 --------- d-----w c:\documents and settings\Don\Application Data\LimeWire
2009-02-04 02:26 --------- d-----w c:\program files\Common Files\Real
2009-02-04 02:25 --------- d-----w c:\program files\Common Files\csshare
2009-02-03 04:56 --------- d-----w c:\program files\Document
2009-02-02 07:09 --------- d-----w c:\program files\icuii
2009-01-31 18:10 --------- d-----w c:\program files\Java
2009-01-13 20:47 --------- d-----w c:\documents and settings\Brittany\Application Data\DivX
2009-01-08 02:19 --------- d-----w c:\documents and settings\Joseph\Application Data\DivX
2009-01-07 05:41 --------- d-----w c:\documents and settings\Don\Application Data\Azureus
2009-01-07 05:37 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-01-07 05:36 --------- d-----w c:\program files\Vuze
2009-01-07 05:22 --------- d-----w c:\program files\DivX
2009-01-01 04:03 --------- d-----w c:\documents and settings\Brittany\Application Data\LimeWire
2008-12-20 05:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 04:55 --------- d-----w c:\program files\Trend Micro
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Google Update"="c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2006-06-06 202032]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-05-28 100056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]

c:\documents and settings\Don\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-11-25 303104]
Google Updater.lnk.disabled [2007-08-13 920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"dsapgmbj"=c:\documents and settings\don\local settings\application data\dsapgmbj.exe dsapgmbj
"twtxuozyt"=c:\documents and settings\don\local settings\application data\twtxuozyt.exe twtxuozyt
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 MPSHLPR;MPSHLPR;c:\windows\system32\drivers\mpshlpr.sys [2006-02-09 107008]
R2 MPSDrv;MPSDrv;c:\windows\system32\drivers\mpsdrv.sys [2006-02-09 83200]
R2 mpssvc;Microsoft Protection Service;c:\program files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe [2006-02-09 838888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-26 24652]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [2004-05-10 6912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f81e8f3-9253-11dd-9353-00038a000015}]
\Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1007.job
- c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:33]

2009-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1008.job
- c:\documents and settings\Brittany\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-22 13:25]

2005-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Cindy.job
- c:\progra~1\NORTON~1\NAVW32.EXE [2003-12-04 17:22]

2009-02-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2009-02-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-18 20:17]

2009-02-10 c:\windows\Tasks\znqcdnkl.job
- c:\windows\system32\efcYQiFu.dll [2009-01-04 02:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1a305610-95f8-42ed-b918-4f24eb4df90f} - c:\windows\system32\nakonaze.dll
BHO-{238ADBCD-4486-4645-B710-81CFE7621034} - (no file)
BHO-{263ab450-2efe-4cc9-ac1f-973f179ecae8} - (no file)
BHO-{36B819E9-EFB1-4A0E-83BC-0329A108FCF7} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-24644b0b - c:\windows\system32\fidavine.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uInternet Connection Wizard,ShellNext = hxxp://www.viewpoint.com/landing/v37b.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\documents and settings\Don\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13113.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 01:53:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\NAVAPSVC.EXE
c:\program files\Norton AntiVirus\SAVSCAN.EXE
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-02-10 2:02:13 - machine was rebooted [Don]
ComboFix-quarantined-files.txt 2009-02-10 07:02:08

Pre-Run: 2,905,051,136 bytes free
Post-Run: 4,200,046,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

362 --- E O F --- 2008-12-12 06:10:20




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:03 AM, on 2/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v37b.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.10/WinSSWebAgent.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8957 bytes
 
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
Sansa Media Converter
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AIM 6
Apple Software Update
ArcSoft Software Suite
Bicycle Pinochle
CC_ccStart
ccCommon
CompuServe
ConvertHelper 2.1
Data Doctor Recovery Memory Card (Evaluation) 3.0.1.5
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dr Watson for Microsoft Windows OneCare Live v1.0.0971.10
eMule
ERUNT 1.1j
Favorit
File Scavenger 3.2
GameTap Web Player
Google Updater
GraphicView 32
HijackThis 2.0.2
Hot Rod American Street Drag
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
ICQ
ICUII
Indeo® Software
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Java(TM) 6 Update 11
Jump
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Malware Protection Engine Files
Microsoft Malware Protection On Access Scanner
Microsoft National Language Support Downlevel APIs
Microsoft Protection Service
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows OneCare Live v1.0.0971.28
Microsoft Works 6.0
Mozilla Firefox (3.0.5)
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Need For Speed II
Netscape 6 (6.2.1)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
OpenOffice.org Installer 1.0
Opera 9.63
Oracle JInitiator 1.3.1.13
Paint.NET v3.10
PicLens for Internet Explorer
PowerDVD
PX Engine
QuickTime
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Symantec Script Blocking Installer
SymNet
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VC80CRTRedist - 8.0.50727.762
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Vuze
Winamp (remove only)
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip 11.1
WordPerfect Productivity Pack
Zoo Tycoon: Complete Collection
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

eMule
Vuze

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
 
Thanks for letting me know, I wasn't even aware of these. My computer is used by myself and two others in my household. In fact when the Trojans began attacking it was after one of the other users had used the computer. Either way, thanks for telling me about them and here is the latest uninstall scan.

Sansa Media Converter
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11
AIM 6
Apple Software Update
ArcSoft Software Suite
Bicycle Pinochle
CC_ccStart
ccCommon
CompuServe
ConvertHelper 2.1
Data Doctor Recovery Memory Card (Evaluation) 3.0.1.5
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dr Watson for Microsoft Windows OneCare Live v1.0.0971.10
ERUNT 1.1j
Favorit
File Scavenger 3.2
GameTap Web Player
Google Updater
GraphicView 32
HijackThis 2.0.2
Hot Rod American Street Drag
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
ICQ
ICUII
Indeo® Software
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Java(TM) 6 Update 11
Jump
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Malware Protection Engine Files
Microsoft Malware Protection On Access Scanner
Microsoft National Language Support Downlevel APIs
Microsoft Protection Service
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows OneCare Live v1.0.0971.28
Microsoft Works 6.0
Mozilla Firefox (3.0.5)
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Napster
Napster Burn Engine
Need For Speed II
Netscape 6 (6.2.1)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
OpenOffice.org Installer 1.0
Opera 9.63
Oracle JInitiator 1.3.1.13
Paint.NET v3.10
PicLens for Internet Explorer
PowerDVD
PX Engine
QuickTime
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Symantec Script Blocking Installer
SymNet
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
VC80CRTRedist - 8.0.50727.762
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp (remove only)
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip 11.1
WordPerfect Productivity Pack
Zoo Tycoon: Complete Collection
 
Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\windows\Tasks\znqcdnkl.job

Folder::
c:\documents and settings\Don\Application Data\LimeWire
c:\documents and settings\Don\Application Data\Azureus
c:\documents and settings\All Users\Application Data\Azureus
c:\program files\Vuze
c:\documents and settings\Brittany\Application Data\LimeWire

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"dsapgmbj"=-
"twtxuozyt"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
 
Here you go! Thanks . . .

ComboFix 09-02-12.03 - Don 2009-02-13 2:03:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.518 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
AV: Windows Live OneCare Antivirus *On-access scanning disabled* (Outdated)
FW: Windows Live OneCare Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\Tasks\znqcdnkl.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Azureus
c:\documents and settings\All Users\Application Data\Azureus\azCID.txt
c:\documents and settings\Brittany\Application Data\LimeWire
c:\documents and settings\Brittany\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Brittany\Application Data\LimeWire\active.mojito
c:\documents and settings\Brittany\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Brittany\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Brittany\Application Data\LimeWire\downloads.dat
c:\documents and settings\Brittany\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Brittany\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Brittany\Application Data\LimeWire\filters.props
c:\documents and settings\Brittany\Application Data\LimeWire\gnutella.net
c:\documents and settings\Brittany\Application Data\LimeWire\installation.props
c:\documents and settings\Brittany\Application Data\LimeWire\library.dat
c:\documents and settings\Brittany\Application Data\LimeWire\limewire.props
c:\documents and settings\Brittany\Application Data\LimeWire\mojito.props
c:\documents and settings\Brittany\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Brittany\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Brittany\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Brittany\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Brittany\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Brittany\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Brittany\Application Data\LimeWire\questions.props
c:\documents and settings\Brittany\Application Data\LimeWire\responses.cache
c:\documents and settings\Brittany\Application Data\LimeWire\simpp.xml
c:\documents and settings\Brittany\Application Data\LimeWire\spam.dat
c:\documents and settings\Brittany\Application Data\LimeWire\tables.props
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Brittany\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Brittany\Application Data\LimeWire\ttree.cache
c:\documents and settings\Brittany\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Brittany\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Brittany\Application Data\LimeWire\version.xml
c:\documents and settings\Brittany\Application Data\LimeWire\versions.props
c:\documents and settings\Brittany\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Brittany\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Brittany\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Brittany\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Brittany\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Brittany\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Brittany\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Brittany\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Brittany\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Brittany\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Brittany\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Brittany\Application Data\LimeWire\xml\schemas\video.xsd
c:\documents and settings\Don\Application Data\Azureus
c:\documents and settings\Don\Application Data\Azureus\.certs
c:\documents and settings\Don\Application Data\Azureus\.keystore
c:\documents and settings\Don\Application Data\Azureus\.lock
c:\documents and settings\Don\Application Data\Azureus\active\0483AC0DCFD4E79ED5DAD3394BCCDEE4EECDE87C.dat
c:\documents and settings\Don\Application Data\Azureus\active\0483AC0DCFD4E79ED5DAD3394BCCDEE4EECDE87C.dat.bak
c:\documents and settings\Don\Application Data\Azureus\active\cache.dat
c:\documents and settings\Don\Application Data\Azureus\azureus.config
c:\documents and settings\Don\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Don\Application Data\Azureus\azureus.statistics
c:\documents and settings\Don\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Don\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Don\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Don\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Don\Application Data\Azureus\dht\general.dat
c:\documents and settings\Don\Application Data\Azureus\dht\version.dat
c:\documents and settings\Don\Application Data\Azureus\downloads.config
c:\documents and settings\Don\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Don\Application Data\Azureus\friends.config
c:\documents and settings\Don\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Don\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Don\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Don\Application Data\Azureus\media\azpd\ASB2YDOP2TTZ5VO22M4UXTG64TXM32D4.azpd
c:\documents and settings\Don\Application Data\Azureus\metasearch.config
c:\documents and settings\Don\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Don\Application Data\Azureus\net\pm_20115.dat
c:\documents and settings\Don\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Don\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Don\Application Data\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\documents and settings\Don\Application Data\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\documents and settings\Don\Application Data\Azureus\subs\C812A6FF933B4196A2B4.vuze
c:\documents and settings\Don\Application Data\Azureus\subscriptions.config
c:\documents and settings\Don\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Don\Application Data\Azureus\tables.config
c:\documents and settings\Don\Application Data\Azureus\tables.config.bak
c:\documents and settings\Don\Application Data\Azureus\timingstats.dat
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4991.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4992.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4993.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4994.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4995.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4996.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4997.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU4998.tmp
c:\documents and settings\Don\Application Data\Azureus\tmp\AZU5000.tmp
c:\documents and settings\Don\Application Data\Azureus\torrents\AZU4999.tmp
c:\documents and settings\Don\Application Data\Azureus\tracker.config
c:\documents and settings\Don\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Don\Application Data\Azureus\unsentdata.config
c:\documents and settings\Don\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Don\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Don\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Don\Application Data\Azureus\VuzeActivities.config.bak
c:\documents and settings\Don\Application Data\LimeWire
c:\documents and settings\Don\Application Data\LimeWire\active.mojito
c:\documents and settings\Don\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Don\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Don\Application Data\LimeWire\downloads.dat
c:\documents and settings\Don\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Don\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Don\Application Data\LimeWire\filters.props
c:\documents and settings\Don\Application Data\LimeWire\gnutella.net
c:\documents and settings\Don\Application Data\LimeWire\installation.props
c:\documents and settings\Don\Application Data\LimeWire\library.dat
c:\documents and settings\Don\Application Data\LimeWire\limewire.props
c:\documents and settings\Don\Application Data\LimeWire\mojito.props
c:\documents and settings\Don\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Don\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Don\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Don\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Don\Application Data\LimeWire\questions.props
c:\documents and settings\Don\Application Data\LimeWire\responses.cache
c:\documents and settings\Don\Application Data\LimeWire\simpp.xml
c:\documents and settings\Don\Application Data\LimeWire\spam.dat
c:\documents and settings\Don\Application Data\LimeWire\tables.props
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Don\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Don\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Don\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Don\Application Data\LimeWire\version.xml
c:\documents and settings\Don\Application Data\LimeWire\versions.props
c:\documents and settings\Don\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Don\Application Data\LimeWire\xml\data\video.sxml2
c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\mplayer\config
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32

.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-13 01:59 . 2009-02-13 01:59 2,921,379 -ra------ C:\ComboFix.exe
2009-02-10 18:34 . 2009-02-10 18:34 <DIR> d-------- C:\TELEMARKETING_files
2009-02-10 18:34 . 2009-02-10 18:34 4,140 --a------ C:\TELEMARKETING.htm
2009-02-10 02:42 . 2009-02-10 02:42 197 --a------ c:\windows\system32\MRT.INI
2009-02-08 12:21 . 2009-02-08 13:00 <DIR> d-------- C:\Sansa
2009-02-06 19:19 . 2009-02-06 19:19 <DIR> d-------- c:\program files\ERUNT
2009-02-05 10:49 . 2009-02-05 10:49 1,056 --a------ C:\Export
2009-02-03 23:13 . 2009-02-03 23:13 <DIR> d-------- c:\program files\The Weather Channel FW
2009-02-03 21:26 . 2009-02-03 21:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-03 21:23 . 2009-02-03 21:23 <DIR> d-------- c:\program files\Real
2009-02-03 19:12 . 2009-02-03 19:12 13,408 --a------ C:\2008_Federal_FAFSA.pdf
2009-02-03 00:51 . 2009-02-03 00:51 4,863 --a------ C:\Export (1).QIF
2009-02-03 00:50 . 2009-02-05 10:49 1,056 --a------ C:\Export.QIF
2009-02-03 00:45 . 2009-02-03 00:45 2,073 --a------ C:\Export.CSV
2009-02-02 23:43 . 2009-02-02 23:43 2,402,775 --a------ C:\mycheckbook-setup.exe
2009-01-31 13:12 . 2009-01-31 13:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 19:13 . 2009-01-28 19:13 <DIR> d-------- c:\program files\Opera
2009-01-15 14:31 . 2009-01-15 14:31 40,960 --a------ c:\windows\system32\jqgehrdy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-11 21:49 --------- d-----w c:\program files\eMule
2009-02-04 02:26 --------- d-----w c:\program files\Common Files\Real
2009-02-04 02:25 --------- d-----w c:\program files\Common Files\csshare
2009-02-03 04:56 --------- d-----w c:\program files\Document
2009-02-02 07:09 --------- d-----w c:\program files\icuii
2009-01-31 18:10 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-31 18:10 --------- d-----w c:\program files\Java
2009-01-13 20:47 --------- d-----w c:\documents and settings\Brittany\Application Data\DivX
2009-01-08 02:19 --------- d-----w c:\documents and settings\Joseph\Application Data\DivX
2009-01-07 05:22 --------- d-----w c:\program files\DivX
2009-01-01 03:07 129,024 ----a-w c:\windows\system32\poegsmvl.dll
2009-01-01 03:07 129,024 ----a-w c:\windows\system32\ayyrxu.dll
2009-01-01 03:01 72,704 ----a-w c:\windows\system32\wqcgxcjp.dll
2008-12-31 03:01 129,024 ----a-w c:\windows\system32\torbwg.dll
2008-12-31 03:01 129,024 ----a-w c:\windows\system32\qhgadedb.dll
2008-12-31 02:57 72,704 ----a-w c:\windows\system32\efokwrsu.dll
2008-12-29 16:04 129,024 ----a-w c:\windows\system32\qzsybu.dll
2008-12-29 16:04 129,024 ----a-w c:\windows\system32\irdanupy.dll
2008-12-29 16:01 72,704 ----a-w c:\windows\system32\xputtpes.dll
2008-12-28 23:04 129,024 ----a-w c:\windows\system32\sdokxcfl.dll
2008-12-28 23:04 129,024 ----a-w c:\windows\system32\jknrlx.dll
2008-12-27 20:33 129,024 ----a-w c:\windows\system32\exwcvfus.dll
2008-12-27 20:33 129,024 ----a-w c:\windows\system32\bqvfbz.dll
2008-12-27 20:30 72,704 ----a-w c:\windows\system32\xfeyalsm.dll
2008-12-26 13:49 129,024 ----a-w c:\windows\system32\zqywsc.dll
2008-12-26 13:49 129,024 ----a-w c:\windows\system32\vwhvjmuf.dll
2008-12-26 13:46 72,704 ----a-w c:\windows\system32\yqswdjnu.dll
2008-12-24 02:03 72,704 ----a-w c:\windows\system32\kojovxka.dll
2008-12-23 01:43 72,704 ----a-w c:\windows\system32\knasyfvv.dll
2008-12-22 01:27 129,024 ----a-w c:\windows\system32\xmhnmu.dll
2008-12-22 01:27 129,024 ----a-w c:\windows\system32\krtwvgwd.dll
2008-12-22 01:24 72,704 ----a-w c:\windows\system32\qmjbhtdy.dll
2008-12-20 23:19 72,704 ----a-w c:\windows\system32\ujdpgwqm.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 05:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-19 23:28 72,704 ----a-w c:\windows\system32\njdguxcj.dll
2008-12-18 23:24 129,024 ----a-w c:\windows\system32\injjbe.dll
2008-12-18 23:24 129,024 ----a-w c:\windows\system32\eekrqtsh.dll
2008-12-17 23:21 129,024 ----a-w c:\windows\system32\rpzawh.dll
2008-12-17 23:21 129,024 ----a-w c:\windows\system32\ltfyhcqm.dll
2008-12-17 04:39 72,704 ----a-w c:\windows\system32\gjxuogmp.dll
2008-12-17 04:36 129,024 ----a-w c:\windows\system32\filueu.dll
2008-12-17 04:36 129,024 ----a-w c:\windows\system32\brvpajhp.dll
2008-12-16 04:55 --------- d-----w c:\program files\Trend Micro
2008-12-16 03:21 72,704 ----a-w c:\windows\system32\bupchmyf.dll
2008-12-15 05:06 129,024 ----a-w c:\windows\system32\djvdywbc.dll
2008-12-15 02:08 129,024 ----a-w c:\windows\system32\plrspw.dll
2008-12-15 02:08 129,024 ----a-w c:\windows\system32\dwjfkpeu.dll
2008-12-15 01:53 34,816 ------w c:\windows\system32\fccywwtR.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-10_ 1.59.48.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-11-2009\ERDNT.EXE
+ 2009-02-11 21:27:44 8,470,528 ----a-w c:\windows\ERDNT\AutoBackup\2-11-2009\Users\00000001\NTUSER.DAT
+ 2009-02-11 21:27:45 274,432 ----a-w c:\windows\ERDNT\AutoBackup\2-11-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-13-2009\ERDNT.EXE
+ 2009-02-13 05:52:50 8,470,528 ----a-w c:\windows\ERDNT\AutoBackup\2-13-2009\Users\00000001\NTUSER.DAT
+ 2009-02-13 05:52:51 274,432 ----a-w c:\windows\ERDNT\AutoBackup\2-13-2009\Users\00000002\UsrClass.dat
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2009-02-10 06:00:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-02-10 07:00:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-10 06:00:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-10 07:00:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-10 06:00:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021020090211\index.dat
+ 2009-02-10 07:00:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009021020090211\index.dat
- 2009-02-10 06:00:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-10 07:00:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-01-19 08:42:40 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-10 07:25:49 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
- 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\pngfilt.dll
- 2007-07-27 14:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2009-02-13 05:30:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_418.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Google Update"="c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2006-06-06 202032]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-05-28 100056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]

c:\documents and settings\Don\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-11-25 303104]
Google Updater.lnk.disabled [2007-08-13 920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 MPSHLPR;MPSHLPR;c:\windows\system32\drivers\mpshlpr.sys [2006-02-09 107008]
R2 MPSDrv;MPSDrv;c:\windows\system32\drivers\mpsdrv.sys [2006-02-09 83200]
R2 mpssvc;Microsoft Protection Service;c:\program files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe [2006-02-09 838888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-26 24652]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [2004-05-10 6912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f81e8f3-9253-11dd-9353-00038a000015}]
\Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1007.job
- c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:33]

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1008.job
- c:\documents and settings\Brittany\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-22 13:25]

2005-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Cindy.job
- c:\progra~1\NORTON~1\NAVW32.EXE [2003-12-04 17:22]

2009-02-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2009-02-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-18 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uInternet Connection Wizard,ShellNext = hxxp://www.viewpoint.com/landing/v37b.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13113.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 02:08:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-13 2:11:51
ComboFix-quarantined-files.txt 2009-02-13 07:11:28
ComboFix2.txt 2009-02-10 07:02:25

Pre-Run: 3,827,396,608 bytes free
Post-Run: 3,805,011,968 bytes free

570 --- E O F --- 2009-02-11 22:03:19





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:07 AM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v37b.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.10/WinSSWebAgent.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8891 bytes
 
Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\windows\system32\poegsmvl.dll
c:\windows\system32\ayyrxu.dll
c:\windows\system32\wqcgxcjp.dll
c:\windows\system32\torbwg.dll
c:\windows\system32\qhgadedb.dll
c:\windows\system32\efokwrsu.dll
c:\windows\system32\qzsybu.dll
c:\windows\system32\irdanupy.dll
c:\windows\system32\xputtpes.dll
c:\windows\system32\sdokxcfl.dll
c:\windows\system32\jknrlx.dll
c:\windows\system32\exwcvfus.dll
c:\windows\system32\bqvfbz.dll
c:\windows\system32\xfeyalsm.dll
c:\windows\system32\zqywsc.dll
c:\windows\system32\vwhvjmuf.dll
c:\windows\system32\yqswdjnu.dll
c:\windows\system32\kojovxka.dll
c:\windows\system32\knasyfvv.dll
c:\windows\system32\xmhnmu.dll
c:\windows\system32\krtwvgwd.dll
c:\windows\system32\qmjbhtdy.dll
c:\windows\system32\ujdpgwqm.dll
c:\windows\system32\njdguxcj.dll
c:\windows\system32\injjbe.dll
c:\windows\system32\eekrqtsh.dll
c:\windows\system32\rpzawh.dll
c:\windows\system32\ltfyhcqm.dll
c:\windows\system32\gjxuogmp.dll
c:\windows\system32\filueu.dll
c:\windows\system32\brvpajhp.dll
c:\windows\system32\bupchmyf.dll
c:\windows\system32\djvdywbc.dll
c:\windows\system32\plrspw.dll
c:\windows\system32\dwjfkpeu.dll
c:\windows\system32\fccywwtR.dll

Folder::
c:\program files\eMule

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
 
What about these? Please advise.
C:\Documents and Settings\Joseph\Application Data\LimeWire
C:\Documents and Settings\Drake\Application Data\LimeWire

Your requests follow.



ComboFix 09-02-12.03 - Don 2009-02-13 17:40:22.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.627 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
AV: Windows Live OneCare Antivirus *On-access scanning disabled* (Outdated)
FW: Windows Live OneCare Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\ayyrxu.dll
c:\windows\system32\bqvfbz.dll
c:\windows\system32\brvpajhp.dll
c:\windows\system32\bupchmyf.dll
c:\windows\system32\djvdywbc.dll
c:\windows\system32\dwjfkpeu.dll
c:\windows\system32\eekrqtsh.dll
c:\windows\system32\efokwrsu.dll
c:\windows\system32\exwcvfus.dll
c:\windows\system32\fccywwtR.dll
c:\windows\system32\filueu.dll
c:\windows\system32\gjxuogmp.dll
c:\windows\system32\injjbe.dll
c:\windows\system32\irdanupy.dll
c:\windows\system32\jknrlx.dll
c:\windows\system32\knasyfvv.dll
c:\windows\system32\kojovxka.dll
c:\windows\system32\krtwvgwd.dll
c:\windows\system32\ltfyhcqm.dll
c:\windows\system32\njdguxcj.dll
c:\windows\system32\plrspw.dll
c:\windows\system32\poegsmvl.dll
c:\windows\system32\qhgadedb.dll
c:\windows\system32\qmjbhtdy.dll
c:\windows\system32\qzsybu.dll
c:\windows\system32\rpzawh.dll
c:\windows\system32\sdokxcfl.dll
c:\windows\system32\torbwg.dll
c:\windows\system32\ujdpgwqm.dll
c:\windows\system32\vwhvjmuf.dll
c:\windows\system32\wqcgxcjp.dll
c:\windows\system32\xfeyalsm.dll
c:\windows\system32\xmhnmu.dll
c:\windows\system32\xputtpes.dll
c:\windows\system32\yqswdjnu.dll
c:\windows\system32\zqywsc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\eMule
c:\windows\system32\ayyrxu.dll
c:\windows\system32\bqvfbz.dll
c:\windows\system32\brvpajhp.dll
c:\windows\system32\bupchmyf.dll
c:\windows\system32\djvdywbc.dll
c:\windows\system32\dwjfkpeu.dll
c:\windows\system32\eekrqtsh.dll
c:\windows\system32\efokwrsu.dll
c:\windows\system32\exwcvfus.dll
c:\windows\system32\fccywwtR.dll
c:\windows\system32\filueu.dll
c:\windows\system32\gjxuogmp.dll
c:\windows\system32\injjbe.dll
c:\windows\system32\irdanupy.dll
c:\windows\system32\jknrlx.dll
c:\windows\system32\knasyfvv.dll
c:\windows\system32\kojovxka.dll
c:\windows\system32\krtwvgwd.dll
c:\windows\system32\ltfyhcqm.dll
c:\windows\system32\njdguxcj.dll
c:\windows\system32\plrspw.dll
c:\windows\system32\poegsmvl.dll
c:\windows\system32\qhgadedb.dll
c:\windows\system32\qmjbhtdy.dll
c:\windows\system32\qzsybu.dll
c:\windows\system32\rpzawh.dll
c:\windows\system32\sdokxcfl.dll
c:\windows\system32\torbwg.dll
c:\windows\system32\ujdpgwqm.dll
c:\windows\system32\vwhvjmuf.dll
c:\windows\system32\wqcgxcjp.dll
c:\windows\system32\xfeyalsm.dll
c:\windows\system32\xmhnmu.dll
c:\windows\system32\xputtpes.dll
c:\windows\system32\yqswdjnu.dll
c:\windows\system32\zqywsc.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-13 01:59 . 2009-02-13 01:59 2,921,379 -ra------ C:\ComboFix.exe
2009-02-10 18:34 . 2009-02-10 18:34 <DIR> d-------- C:\TELEMARKETING_files
2009-02-10 18:34 . 2009-02-10 18:34 4,140 --a------ C:\TELEMARKETING.htm
2009-02-10 02:42 . 2009-02-10 02:42 197 --a------ c:\windows\system32\MRT.INI
2009-02-08 12:21 . 2009-02-08 13:00 <DIR> d-------- C:\Sansa
2009-02-06 19:19 . 2009-02-06 19:19 <DIR> d-------- c:\program files\ERUNT
2009-02-03 23:13 . 2009-02-03 23:13 <DIR> d-------- c:\program files\The Weather Channel FW
2009-02-03 21:26 . 2009-02-03 21:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-03 21:23 . 2009-02-03 21:23 <DIR> d-------- c:\program files\Real
2009-02-03 19:12 . 2009-02-03 19:12 13,408 --a------ C:\2008_Federal_FAFSA.pdf
2009-02-02 23:43 . 2009-02-02 23:43 2,402,775 --a------ C:\mycheckbook-setup.exe
2009-01-31 13:12 . 2009-01-31 13:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 19:13 . 2009-01-28 19:13 <DIR> d-------- c:\program files\Opera
2009-01-15 14:31 . 2009-01-15 14:31 40,960 --a------ c:\windows\system32\jqgehrdy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 05:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 02:26 --------- d-----w c:\program files\Common Files\Real
2009-02-04 02:25 --------- d-----w c:\program files\Common Files\csshare
2009-02-03 04:56 --------- d-----w c:\program files\Document
2009-02-02 07:09 --------- d-----w c:\program files\icuii
2009-01-31 18:10 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-31 18:10 --------- d-----w c:\program files\Java
2009-01-13 20:47 --------- d-----w c:\documents and settings\Brittany\Application Data\DivX
2009-01-08 02:19 --------- d-----w c:\documents and settings\Joseph\Application Data\DivX
2009-01-07 05:22 --------- d-----w c:\program files\DivX
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 05:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 04:55 --------- d-----w c:\program files\Trend Micro
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-02-13_ 2.09.22.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-13 22:18:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Google Update"="c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2006-06-06 202032]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-05-28 100056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]

c:\documents and settings\Don\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-11-25 303104]
Google Updater.lnk.disabled [2007-08-13 920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 MPSHLPR;MPSHLPR;c:\windows\system32\drivers\mpshlpr.sys [2006-02-09 107008]
R2 MPSDrv;MPSDrv;c:\windows\system32\drivers\mpsdrv.sys [2006-02-09 83200]
R2 mpssvc;Microsoft Protection Service;c:\program files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe [2006-02-09 838888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-26 24652]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [2004-05-10 6912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f81e8f3-9253-11dd-9353-00038a000015}]
\Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1007.job
- c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:33]

2009-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1008.job
- c:\documents and settings\Brittany\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-22 13:25]

2005-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Cindy.job
- c:\progra~1\NORTON~1\NAVW32.EXE [2003-12-04 17:22]

2009-02-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2009-02-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-18 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uInternet Connection Wizard,ShellNext = hxxp://www.viewpoint.com/landing/v37b.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 17:44:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-13 17:47:55
ComboFix-quarantined-files.txt 2009-02-13 22:47:34
ComboFix2.txt 2009-02-13 07:11:56
ComboFix3.txt 2009-02-10 07:02:25

Pre-Run: 3,774,631,936 bytes free
Post-Run: 3,757,031,424 bytes free

223 --- E O F --- 2009-02-11 22:03:19






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:15 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v37b.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.10/WinSSWebAgent.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8922 bytes
 
Please delete them and this one as well:

c:\windows\system32\jqgehrdy.dll

After that:

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
Wow that took forever, but here it is.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 14, 2009 20:18:08
Records in database: 1797305
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 113876
Threat name: 98
Infected objects: 297
Suspicious objects: 0
Duration of the scan: 04:12:30


File name / Threat name / Threats count
C:\Documents and Settings\Brittany\My Documents\My Music\Incomplete\T-3545425-only time techno.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\Don\My Documents\My Music\dj zinc.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Drake\Desktop\PLAY_MP3.exe Infected: not-a-virus:AdWare.Win32.Agent.dva 1
C:\Documents and Settings\Drake\Desktop\setup.exe Infected: Trojan-Downloader.Win32.Zlob.lky 1
C:\Documents and Settings\Drake\xnetini.kdd Infected: Trojan-Downloader.Win32.Agent.aubk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\alidtvbs.dll.vir Infected: Trojan.Win32.Monder.asva 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ayyrxu.dll.vir Infected: Trojan.Win32.Monder.apfw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bhvorcvn.dll.vir Infected: Trojan.Win32.Monder.awgj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bodibuna.dll.vir Infected: Trojan.Win32.Monder.avub 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\bqvfbz.dll.vir Infected: Trojan.Win32.Monder.apfy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\brvpajhp.dll.vir Infected: Trojan.Win32.Monder.acja 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ccmiqdho.dll.vir Infected: Trojan.Win32.Monder.aidh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\daharubo.dll.tmp.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dddsjptv.dll.vir Infected: Trojan.Win32.Monder.aokk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddvydluv.dll.vir Infected: Trojan.Win32.Monder.amrr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\desoyahi.dll.vir Infected: Trojan-Downloader.Win32.Agent.bhjb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\djvdywbc.dll.vir Infected: Trojan.Win32.Monder.acix 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dskwetqw.dll.vir Infected: Trojan.Win32.Monder.alko 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dwjfkpeu.dll.vir Infected: Trojan.Win32.Monder.acix 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dwohsots.dll.vir Infected: Trojan.Win32.Monder.apga 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eekrqtsh.dll.vir Infected: Trojan.Win32.Monder.adyt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\egdups.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gdm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\egukoubj.dll.vir Infected: Trojan.Win32.Monder.avau 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\exwcvfus.dll.vir Infected: Trojan.Win32.Monder.apfy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccywwtR.dll.vir Infected: Trojan-Downloader.Win32.Injecter.bel 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\feyajute.dll.vir Infected: Trojan.Win32.Agent.bqec 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fftyjrce.dll.vir Infected: Trojan.Win32.Monder.avbn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\filueu.dll.vir Infected: Trojan.Win32.Monder.acja 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\firowazo.dll.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\foxubwos.dll.vir Infected: Trojan.Win32.Monder.amyl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ftxxtxxm.dll.vir Infected: Trojan.Win32.Monder.awgj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ghbvsldh.dll.vir Infected: Trojan.Win32.Monder.aidl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gjxuogmp.dll.vir Infected: Trojan.Win32.Monder.acop 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gorjrj.dll.vir Infected: Trojan.Win32.Monder.avba 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gwvdlvsx.dll.vir Infected: Trojan.Win32.Monder.aqeq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hbevgsfg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jan 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hipuveyb.dll.vir Infected: Trojan.Win32.Monder.awgz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hxoshxgs.dll.vir Infected: Trojan.Win32.Monder.aokn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\igjyjg.dll.vir Infected: Trojan.Win32.Monder.aokl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\injjbe.dll.vir Infected: Trojan.Win32.Monder.adyt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\irdanupy.dll.vir Infected: Trojan.Win32.Monder.aiid 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jexweciu.dll.vir Infected: Trojan.Win32.Agent2.bkd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jqfivg.dll.vir Infected: Trojan-Downloader.Win32.Agent.bhiy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jvngivds.dll.vir Infected: Trojan.Win32.Monder.areo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kizosewa.dll.vir Infected: Trojan.Win32.Agent.bqeg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kphkpn.dll.vir Infected: Trojan.Win32.Monder.aokj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kqnnlr.dll.vir Infected: Trojan.Win32.Monder.atjd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\krdnghyd.dll.vir Infected: Trojan.Win32.Monder.avba 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\krtwvgwd.dll.vir Infected: Trojan.Win32.Monder.aiir 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kubzrt.dll.vir Infected: Trojan.Win32.Monder.arem 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lczcst.dll.vir Infected: Trojan.Win32.Monder.apga 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lrnghs.dll.vir Infected: Trojan.Win32.Monder.aidh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lrpcib.dll.vir Infected: Trojan.Win32.Monder.amrr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ltfyhcqm.dll.vir Infected: Trojan.Win32.Pakes.mfm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\margltgh.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.gdm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlicpmdy.dll.vir Infected: Trojan.Win32.Monder.alkp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nebpfdei.dll.vir Infected: Trojan.Win32.Monder.avay 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nyerhp.dll.vir Infected: Trojan-Downloader.Win32.Agent.bhjb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogvdirii.dll.vir Infected: Trojan.Win32.Monder.aidl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\okzxns.dll.vir Infected: Trojan.Win32.Monder.aokh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\olkphtiu.dll.vir Infected: Trojan.Win32.Monder.asxw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oroditfh.dll.vir Infected: Trojan.Win32.Monder.atjd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\orrasm.dll.vir Infected: Trojan.Win32.Agent.bqeg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\oxuxow.dll.vir Infected: not-a-virus:FraudTool.Win32.Agent.hf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pevkadcu.dll.vir Infected: Trojan.Win32.Monder.aokj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pjwbkrxy.dll.vir Infected: Trojan.Win32.Monder.arem 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\plrspw.dll.vir Infected: Trojan.Win32.Monder.acix 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\poaqsz.dll.vir Infected: Trojan.Win32.Monder.avay 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\poegsmvl.dll.vir Infected: Trojan.Win32.Monder.apfw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pojezija.dll.tmp.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pswklh.dll.vir Infected: Trojan.Win32.Monder.aokl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pyaiisqj.dll.vir Infected: Trojan.Win32.Monder.aidl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qasfvhgl.dll.vir Infected: Trojan.Win32.Monder.aokl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qhgadedb.dll.vir Infected: Trojan.Win32.Monder.akko 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmjbhtdy.dll.vir Infected: Trojan.Win32.Monder.aghz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qtjfjbxd.dll.vir Infected: Trojan.Win32.Monder.baui 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qtjnss.dll.vir Infected: Trojan.Win32.Agent2.bkd 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\qzsybu.dll.vir Infected: Trojan.Win32.Monder.aiid 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rlhjwmkt.dll.vir Infected: Trojan.Win32.Monder.apxw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rmyhjesy.dll.vir Infected: Trojan.Win32.Monder.areo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rntbbj.dll.vir Infected: Trojan.Win32.Monder.asxw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rpzawh.dll.vir Infected: Trojan.Win32.Pakes.mfm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rvguzx.dll.vir Infected: Trojan.Win32.Monder.arem 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sefswabr.dll.vir Infected: Trojan.Win32.Monder.arem 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\svpqcd.dll.vir Infected: Trojan.Win32.Monder.alkp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tigefeki.dll.vir Infected: Trojan-Downloader.Win32.Agent.bhiy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\torbwg.dll.vir Infected: Trojan.Win32.Monder.akko 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ujdpgwqm.dll.vir Infected: Trojan.Win32.Agent.bahn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ujndkedp.dll.vir Infected: Trojan.Win32.Monder.aokh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulbbvvsn.dll.vir Infected: not-a-virus:FraudTool.Win32.Agent.hf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\uvwcefbp.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iee 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vihlovlq.dll.vir Infected: Trojan.Win32.Monder.aidh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vkwzzb.dll.vir Infected: Trojan.Win32.Monder.avbn 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vogujesi.dll.tmp.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vpaerrhe.dll.vir Infected: Trojan.Win32.Monder.aidh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vvqipe.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.jan 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vwhvjmuf.dll.vir Infected: Trojan.Win32.Monder.aiiu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vwpbevuk.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iej 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vymrpkug.dll.vir Infected: Trojan.Win32.Monder.aokg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vyrhwx.dll.vir Infected: Trojan.Win32.Monder.aidh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wlhsgb.dll.vir Infected: Trojan.Win32.Monder.avau 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wlzyih.dll.vir Infected: Trojan.Win32.Monder.avay 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xfeyalsm.dll.vir Infected: Trojan.Win32.Monder.apfz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xmhnmu.dll.vir Infected: Trojan.Win32.Monder.aiir 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\xrkppdde.dll.vir Infected: Trojan.Win32.Monder.aokl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yfurws.dll.vir Infected: Trojan.Win32.Monder.aidh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yfvsfidd.dll.vir Infected: Trojan.Win32.Monder.avay 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yiqsen.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iej 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ynfrmxxs.dll.vir Infected: Trojan.Win32.Monder.asxx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yvrahtrk.dll.vir Infected: Trojan.Win32.Monder.avtf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zibigihu.dll.vir Infected: Packed.Win32.Mondera.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zlqkkn.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.iee 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zqywsc.dll.vir Infected: Trojan.Win32.Monder.aiiu 1
E:\WINDOWS\SYSTEM\tfde.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
E:\WINDOWS\SYSTEM\htmdeng.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1
E:\WINDOWS\SYSTEM\ipcclient.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
E:\WINDOWS\SYSTEM\msipcsv.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 1
E:\WINDOWS\SYSTEM\adimage.dll Infected: not-a-virus:AdWare.Win32.Aureate.a 1
E:\WINDOWS\SYSTEM\stcloader.exe Infected: Trojan.Win32.SecondThought.ai 1
E:\WINDOWS\SYSTEM\exdl.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exdl0.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\mqexdlm.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exul.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\javexulm.vxd Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\nvms.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\WINDOWS\SYSTEM\mscb.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 1
E:\WINDOWS\SYSTEM\exdl2.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exdl3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exul1.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exul3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exdl1.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\exul2.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\SYSTEM\MSBE.DLL Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\WINDOWS\TEMP\i1BarStp.exe Infected: not-a-virus:AdWare.Win32.Excite.c 1
E:\WINDOWS\TEMP\AornumSP.exe Infected: not-a-virus:AdWare.Win32.IWon.a 1
E:\WINDOWS\TEMP\nst1325.EXE Infected: not-a-virus:AdWare.Win32.SmartPops.c 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\tvmedia[1].exe Infected: Trojan.Win32.SecondThought.ab 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\mindset[1].exe Infected: Trojan.Win32.SecondThought.ab 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 3
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.p 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 5
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.w 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\HRAKUVEO\nls8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 4
E:\WINDOWS\Temporary Internet Files\Content.IE5\HRAKUVEO\nls8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\HRAKUVEO\nls8034[1].exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\loader[1].exe Infected: Trojan.Win32.SecondThought.ai 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\webrebates[1].exe Infected: Trojan.Win32.SecondThought.ab 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 4
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[1].exe Infected: not-a-virus:AdWare.Win32.CashBack.b 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[1].exe Infected: not-a-virus:AdWare.Win32.CashBack.d 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[2].exe Infected: not-a-virus:AdWare.Win32.CashBack.b 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[2].exe Infected: not-a-virus:AdWare.Win32.CashBack.d 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 10
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.j 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 3
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.p 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\CPEF4HMF\qoologic[1].exe Infected: Trojan.Win32.SecondThought.ab 1
E:\WINDOWS\extract.exe Infected: not-a-virus:AdWare.Win32.ImiBar.c 1
E:\WINDOWS\extract.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g 1
E:\WINDOWS\systb.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c 1
E:\WINDOWS\wdskctl.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g 1
E:\WINDOWS\msbb.exe Infected: not-a-virus:AdWare.Win32.180Solutions.e 1
E:\WINDOWS\msbbi.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
E:\WINDOWS\msbbhook.dll Infected: not-a-virus:AdWare.Win32.180Solutions 1
E:\WINDOWS\dwcg2.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a 1
E:\WINDOWS\clipg.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a 1
E:\WINDOWS\rgrt.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g 1
E:\WINDOWS\bargain3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.f 1
E:\WINDOWS\bargain3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.e 1
E:\WINDOWS\bargain3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.h 1
E:\WINDOWS\dez.exe Infected: not-a-virus:AdWare.Win32.180Solutions 1
E:\Program Files\STC\tvmedia.exe Infected: Trojan.Win32.SecondThought.ab 1
E:\Program Files\STC\webrebates.exe Infected: Trojan.Win32.SecondThought.ab 1
E:\Program Files\STC\qoologic.exe Infected: Trojan.Win32.SecondThought.ab 1
E:\Program Files\STC\mindset.exe Infected: Trojan.Win32.SecondThought.ab 1
E:\Program Files\iWon\iWonBar\1.bin\IWON2NS.EXE Infected: not-a-virus:AdWare.Win32.Excite.a 1
E:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL Infected: not-a-virus:AdWare.Win32.Excite.a 1
E:\Program Files\DownloadWare\Downloads\217.dat Infected: not-a-virus:AdWare.Win32.WindowEnhancer 2
E:\Program Files\DownloadWare\Downloads\268.dat Infected: not-a-virus:AdWare.Win32.SmartPops.c 1
E:\Program Files\DownloadWare\Temp\seinst.exe Infected: not-a-virus:AdWare.Win32.WindowEnhancer 2
E:\Program Files\DownloadWare\Temp\tn.exe Infected: not-a-virus:AdWare.Win32.SmartPops.c 1
E:\Program Files\Comet\Bin\csbho.dll Infected: not-a-virus:AdWare.Win32.Comet.q 1
E:\Program Files\Comet\Bin\cscore.dll Infected: not-a-virus:AdWare.Win32.Comet.at 1
E:\Program Files\Comet\Bin\csietb.dll Infected: not-a-virus:AdWare.Win32.Comet.al 1
E:\Program Files\Comet\Bin\cseng.dll Infected: not-a-virus:AdWare.Win32.Comet.v 1
E:\Program Files\Comet\Bin\skinui.dll Infected: not-a-virus:AdWare.Win32.Comet.at 1
E:\Program Files\Comet\Bin\comet.exe Infected: not-a-virus:AdWare.Win32.Comet.c 1
E:\Program Files\Comet\Bin\csband.dll Infected: not-a-virus:AdWare.Win32.Comet.ab 1
E:\Program Files\Comet\Bin\csctx.dll Infected: not-a-virus:AdWare.Win32.Comet.at 1
E:\Program Files\Comet\Bin\fileutil.dll Infected: not-a-virus:AdWare.Win32.Comet.o 1
E:\Program Files\Comet\Bin\csbrange.dll Infected: not-a-virus:AdWare.Win32.Comet.q 1
E:\Program Files\Comet\Bin\csutil.dll Infected: not-a-virus:AdWare.Win32.Comet.v 1
E:\Program Files\Comet\Bin\csapputil.dll Infected: not-a-virus:AdWare.Win32.Comet.q 1
E:\Program Files\Comet\Bin\csinst.dll Infected: not-a-virus:AdWare.Win32.PurityScan.dc 1
E:\Program Files\Comet\Bin\comutil.dll Infected: not-a-virus:AdWare.Win32.Comet.ag 1
E:\Program Files\Comet\Bin\cstray.exe Infected: not-a-virus:AdWare.Win32.Comet.p 1
E:\Program Files\Comet\Bin\csadzap.dll Infected: not-a-virus:AdWare.Win32.Comet.v 1
E:\Program Files\Comet\Bin\autosearch.dll Infected: not-a-virus:AdWare.Win32.Comet.aa 1
E:\Program Files\Comet\Products\FunCursors\fclnk.exe Infected: not-a-virus:AdWare.Win32.Comet.p 1
E:\Program Files\Comet\Temp\43ProdDlls.exe Infected: not-a-virus:AdWare.Win32.Comet.o 1
E:\Program Files\Comet\Temp\43ProdDlls.exe Infected: not-a-virus:AdWare.Win32.Comet.v 2
E:\Program Files\Comet\Data\csres.dat Infected: not-a-virus:AdWare.Win32.Comet.at 1
E:\Program Files\se\v11\se.DLL Infected: not-a-virus:AdWare.Win32.WindowEnhancer 1
E:\Program Files\se\v11\se.EXE Infected: not-a-virus:AdWare.Win32.WindowEnhancer 1
E:\Program Files\CashBack\bin\cashback.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.j 1
E:\Program Files\CashBack\bin\cb.exe Infected: not-a-virus:AdWare.Win32.CashBack.b 1
E:\Program Files\CashBack\bin\flash.exe Infected: not-a-virus:AdWare.Win32.CashBack.d 1
E:\Program Files\CashBack\bbi8033.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 2
E:\Program Files\CashBack\bbi8033.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 4
E:\Program Files\CashBack\bbi8033.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
E:\Program Files\CashBack\bbi8033.exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\Program Files\CashBack\bbi8033.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
E:\Program Files\CashBack\cb8034.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 2
E:\Program Files\CashBack\cb8034.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\Program Files\CashBack\cb8034.exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\Program Files\CashBack\cb8034.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 3
E:\Program Files\CashBack\cb8034.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.p 1
E:\Program Files\CashBack\cb8036.exe Infected: not-a-virus:AdWare.Win32.CashBack.b 1
E:\Program Files\CashBack\cb8036.exe Infected: not-a-virus:AdWare.Win32.CashBack.d 1
E:\Program Files\NaviSearch\nls8034.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 4
E:\Program Files\NaviSearch\nls8034.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 2
E:\Program Files\NaviSearch\nls8034.exe Infected: Trojan-Clicker.Win32.VB.ex 1
E:\Program Files\NaviSearch\bin\nls.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\Program Files\BullsEye Network\bin\bargains.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\Program Files\BullsEye Network\bin\adv.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\Program Files\BullsEye Network\bin\adx.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
E:\Program Files\BullsEye Network\Uninstall.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y 1
E:\System Volume Information\_restore{D29C36E0-A054-4AC3-8E60-7C35F3A99B95}\RP391\A0076660.exe Infected: not-a-virus:AdWare.Win32.Aureate.a 5

The selected area was scanned.







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:17 AM, on 2/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v37b.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.10/WinSSWebAgent.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8891 bytes
 
Yes, it can take some time if you have a lot of files.

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\Documents and Settings\Brittany\My Documents\My Music\Incomplete\T-3545425-only time techno.mp3 
C:\Documents and Settings\Don\My Documents\My Music\dj zinc.mp3 
C:\Documents and Settings\Drake\Desktop\PLAY_MP3.exe
C:\Documents and Settings\Drake\Desktop\setup.exe 
C:\Documents and Settings\Drake\xnetini.kdd 
E:\WINDOWS\SYSTEM\tfde.dll 
E:\WINDOWS\SYSTEM\htmdeng.exe 
E:\WINDOWS\SYSTEM\ipcclient.dll 
E:\WINDOWS\SYSTEM\msipcsv.exe 
E:\WINDOWS\SYSTEM\adimage.dll 
E:\WINDOWS\SYSTEM\stcloader.exe 
E:\WINDOWS\SYSTEM\exdl.exe 
E:\WINDOWS\SYSTEM\exdl0.exe 
E:\WINDOWS\SYSTEM\mqexdlm.srg 
E:\WINDOWS\SYSTEM\exul.exe 
E:\WINDOWS\SYSTEM\javexulm.vxd 
E:\WINDOWS\SYSTEM\nvms.dll 
E:\WINDOWS\SYSTEM\mscb.dll 
E:\WINDOWS\SYSTEM\exdl2.exe 
E:\WINDOWS\SYSTEM\exdl3.exe 
E:\WINDOWS\SYSTEM\exul1.exe 
E:\WINDOWS\SYSTEM\exul3.exe 
E:\WINDOWS\SYSTEM\exdl1.exe 
E:\WINDOWS\SYSTEM\exul2.exe 
E:\WINDOWS\SYSTEM\MSBE.DLL 
E:\WINDOWS\TEMP\i1BarStp.exe 
E:\WINDOWS\TEMP\AornumSP.exe 
E:\WINDOWS\TEMP\nst1325.EXE
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\tvmedia[1].exe Infected: Trojan.Win32.SecondThought.ab 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\mindset[1].exe
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe
E:\WINDOWS\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe
E:\WINDOWS\Temporary Internet Files\Content.IE5\HRAKUVEO\nls8034[1].exe 
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\loader[1].exe 
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\webrebates[1].exe 
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe 
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[1].exe 
E:\WINDOWS\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[2].exe 
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe
E:\WINDOWS\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe 1
E:\WINDOWS\Temporary Internet Files\Content.IE5\CPEF4HMF\qoologic[1].exe 
E:\WINDOWS\extract.exe
E:\WINDOWS\systb.dll 
E:\WINDOWS\wdskctl.exe 
E:\WINDOWS\msbb.exe 
E:\WINDOWS\msbbi.exe 
E:\WINDOWS\msbbhook.dll 
E:\WINDOWS\dwcg2.exe 
E:\WINDOWS\clipg.exe Inf
E:\WINDOWS\rgrt.exe 
E:\WINDOWS\bargain3.exe 
E:\WINDOWS\bargain3.exe 
E:\WINDOWS\bargain3.exe 
E:\WINDOWS\dez.exe 

Folder::
E:\Program Files\BullsEye Network
E:\Program Files\NaviSearch
E:\Program Files\CashBack
E:\Program Files\se
E:\Program Files\Comet
E:\Program Files\DownloadWare
E:\Program Files\iWon
E:\Program Files\STC

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
 
Here you are.

ComboFix 09-02-15.01 - Don 2009-02-15 16:55:47.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.615 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
AV: Windows Live OneCare Antivirus *On-access scanning disabled* (Outdated)
FW: Windows Live OneCare Firewall *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\Brittany\My Documents\My Music\Incomplete\T-3545425-only time techno.mp3
c:\documents and settings\Don\My Documents\My Music\dj zinc.mp3
c:\documents and settings\Drake\Desktop\PLAY_MP3.exe
c:\documents and settings\Drake\Desktop\setup.exe
c:\documents and settings\Drake\xnetini.kdd
e:\windows\bargain3.exe
e:\windows\clipg.exe Inf
e:\windows\dez.exe
e:\windows\dwcg2.exe
e:\windows\extract.exe
e:\windows\msbb.exe
e:\windows\msbbhook.dll
e:\windows\msbbi.exe
e:\windows\rgrt.exe
e:\windows\systb.dll
e:\windows\SYSTEM\adimage.dll
e:\windows\SYSTEM\exdl.exe
e:\windows\SYSTEM\exdl0.exe
e:\windows\SYSTEM\exdl1.exe
e:\windows\SYSTEM\exdl2.exe
e:\windows\SYSTEM\exdl3.exe
e:\windows\SYSTEM\exul.exe
e:\windows\SYSTEM\exul1.exe
e:\windows\SYSTEM\exul2.exe
e:\windows\SYSTEM\exul3.exe
e:\windows\SYSTEM\htmdeng.exe
e:\windows\SYSTEM\ipcclient.dll
e:\windows\SYSTEM\javexulm.vxd
e:\windows\SYSTEM\mqexdlm.srg
e:\windows\SYSTEM\MSBE.DLL
e:\windows\SYSTEM\mscb.dll
e:\windows\SYSTEM\msipcsv.exe
e:\windows\SYSTEM\nvms.dll
e:\windows\SYSTEM\stcloader.exe
e:\windows\SYSTEM\tfde.dll
e:\windows\TEMP\AornumSP.exe
e:\windows\TEMP\i1BarStp.exe
e:\windows\TEMP\nst1325.EXE
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\mindset[1].exe
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\tvmedia[1].exe Infected: Trojan.Win32.SecondThought.ab 1
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[2].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\loader[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\webrebates[1].exe
e:\windows\Temporary Internet Files\Content.IE5\CPEF4HMF\qoologic[1].exe
e:\windows\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe
e:\windows\Temporary Internet Files\Content.IE5\GFG7EP87\cb8034[1].exe 1
e:\windows\Temporary Internet Files\Content.IE5\HRAKUVEO\nls8034[1].exe
e:\windows\wdskctl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Brittany\My Documents\My Music\Incomplete\T-3545425-only time techno.mp3
c:\documents and settings\Don\My Documents\My Music\dj zinc.mp3
c:\documents and settings\Drake\Desktop\PLAY_MP3.exe
c:\documents and settings\Drake\Desktop\setup.exe
c:\documents and settings\Drake\xnetini.kdd
e:\program files\BullsEye Network
e:\program files\BullsEye Network\2005_01_05.data.zip
e:\program files\BullsEye Network\2005_01_07.data.zip
e:\program files\BullsEye Network\2005_02_05.data.zip
e:\program files\BullsEye Network\2005_03_27.data.zip
e:\program files\BullsEye Network\2005_04_26.data.zip
e:\program files\BullsEye Network\ad.dat
e:\program files\BullsEye Network\adp8034.exe
e:\program files\BullsEye Network\bin\adv.exe
e:\program files\BullsEye Network\bin\adx.exe
e:\program files\BullsEye Network\bin\bargains.exe
e:\program files\BullsEye Network\t1192385924.dec
e:\program files\BullsEye Network\t1193282610.dec
e:\program files\BullsEye Network\ub.dat
e:\program files\BullsEye Network\Uninstall.exe
e:\program files\CashBack
e:\program files\CashBack\ad.dat
e:\program files\CashBack\bb_auto_wider.swf
e:\program files\CashBack\bb_click_wider.swf
e:\program files\CashBack\bb_welcome.html
e:\program files\CashBack\bb_welcome1.swf
e:\program files\CashBack\bbi8033.exe
e:\program files\CashBack\bin\cashback.exe
e:\program files\CashBack\bin\cb.exe
e:\program files\CashBack\bin\flash.exe
e:\program files\CashBack\blank.gif
e:\program files\CashBack\cb8034.exe
e:\program files\CashBack\cb8036.exe
e:\program files\CashBack\icon.gif
e:\program files\CashBack\logo.gif
e:\program files\CashBack\t1099197286.dec
e:\program files\CashBack\t1099251783.dec
e:\program files\CashBack\t1104968039.dec
e:\program files\CashBack\t1105144797.dec
e:\program files\CashBack\t1111978303.dec
e:\program files\CashBack\t1114554344.dec
e:\program files\CashBack\t1116084897.dec
e:\program files\CashBack\t1118774620.dec
e:\program files\CashBack\t1118923041.dec
e:\program files\CashBack\t1119409134.dec
e:\program files\CashBack\t1192385898.dec
e:\program files\CashBack\t1193282608.dec
e:\program files\CashBack\template.html
e:\program files\CashBack\template_signin.html
e:\program files\CashBack\template2.html
e:\program files\CashBack\ub.dat
e:\program files\CashBack\Uninstall.exe
e:\program files\Comet
e:\program files\Comet\Bin\autosearch.dll
e:\program files\Comet\Bin\comet.exe
e:\program files\Comet\Bin\comutil.dll
e:\program files\Comet\Bin\csadzap.dll
e:\program files\Comet\Bin\csapputil.dll
e:\program files\Comet\Bin\csband.dll
e:\program files\Comet\Bin\csbho.dll
e:\program files\Comet\Bin\csbrange.dll
e:\program files\Comet\Bin\cscore.dll
e:\program files\Comet\Bin\csctx.dll
e:\program files\Comet\Bin\cseng.dll
e:\program files\Comet\Bin\csietb.dll
e:\program files\Comet\Bin\csinst.dll
e:\program files\Comet\Bin\csinstall.exe
e:\program files\Comet\Bin\cstray.exe
e:\program files\Comet\Bin\csutil.dll
e:\program files\Comet\Bin\fileutil.dll
e:\program files\Comet\Bin\skinui.dll
e:\program files\Comet\Bin\unins.ico
e:\program files\Comet\Data\csres.dat
e:\program files\Comet\Products\adzap\1b.gif
e:\program files\Comet\Products\adzap\1bl.gif
e:\program files\Comet\Products\adzap\1br.gif
e:\program files\Comet\Products\adzap\1l.gif
e:\program files\Comet\Products\adzap\1r.gif
e:\program files\Comet\Products\adzap\1t.gif
e:\program files\Comet\Products\adzap\1tl.gif
e:\program files\Comet\Products\adzap\1tr.gif
e:\program files\Comet\Products\adzap\adzap.html
e:\program files\Comet\Products\adzap\adzap.js
e:\program files\Comet\Products\adzap\adzap.lic
e:\program files\Comet\Products\adzap\adzap.wav
e:\program files\Comet\Products\adzap\adzap_tb.js
e:\program files\Comet\Products\adzap\azunins.js
e:\program files\Comet\Products\adzap\cap1a.gif
e:\program files\Comet\Products\adzap\cap1b.gif
e:\program files\Comet\Products\adzap\cap2a.gif
e:\program files\Comet\Products\adzap\cap2b.gif
e:\program files\Comet\Products\adzap\cap3a.gif
e:\program files\Comet\Products\adzap\cap3b.gif
e:\program files\Comet\Products\adzap\except.xml
e:\program files\Comet\Products\adzap\header.gif
e:\program files\Comet\Products\adzap\pubutton.bmp
e:\program files\Comet\Products\adzap\pubutton_alert.bmp
e:\program files\Comet\Products\adzap\pubutton_off.bmp
e:\program files\Comet\Products\adzap\scr_adzap.js
e:\program files\Comet\Products\adzap\sp4update.js
e:\program files\Comet\Products\adzap\sump.gif
e:\program files\Comet\Products\adzap\sys_except.xml
e:\program files\Comet\Products\adzap\zapometer.gif
e:\program files\Comet\Products\FunButton\funbutton.bmp
e:\program files\Comet\Products\FunCursors\angel.gif
e:\program files\Comet\Products\FunCursors\close.gif
e:\program files\Comet\Products\FunCursors\clsdown.gif
e:\program files\Comet\Products\FunCursors\clsmask.gif
e:\program files\Comet\Products\FunCursors\clsover.gif
e:\program files\Comet\Products\FunCursors\clsskin.gif
e:\program files\Comet\Products\FunCursors\czlink.gif
e:\program files\Comet\Products\FunCursors\def_arr.gif
e:\program files\Comet\Products\FunCursors\fclnk.exe
e:\program files\Comet\Products\FunCursors\friend.gif
e:\program files\Comet\Products\FunCursors\help.gif
e:\program files\Comet\Products\FunCursors\index.htm
e:\program files\Comet\Products\FunCursors\mcc2.ico
e:\program files\Comet\Products\FunCursors\mccmask.gif
e:\program files\Comet\Products\FunCursors\mccoff.js
e:\program files\Comet\Products\FunCursors\mccskin.gif
e:\program files\Comet\Products\FunCursors\nletter.gif
e:\program files\Comet\Products\FunCursors\onlinecheck.js
e:\program files\Comet\Products\FunCursors\pcursor.gif
e:\program files\Comet\Products\FunCursors\pix.gif
e:\program files\Comet\Products\FunCursors\scr_mcc.js
e:\program files\Comet\Products\FunCursors\scr_wait.js
e:\program files\Comet\Products\FunCursors\title.gif
e:\program files\Comet\Products\FunCursors\vdivider.gif
e:\program files\Comet\Products\FunCursors\wait.htm
e:\program files\Comet\Products\RefButton\refbutton.bmp
e:\program files\Comet\Products\RefButton\refbutton.js
e:\program files\Comet\Products\RelatedSearch\related.xml
e:\program files\Comet\Products\RelatedSearch\related.xsl
e:\program files\Comet\Products\Shared\autosrch.js
e:\program files\Comet\Products\Shared\related.js
e:\program files\Comet\Products\Shared\tbproducts.js
e:\program files\Comet\Products\ShopButton\shopbutton.bmp
e:\program files\Comet\Products\Travel\cars.xsl
e:\program files\Comet\Products\Travel\flights.xsl
e:\program files\Comet\Products\Travel\hotels.xsl
e:\program files\Comet\Products\Travel\orbitz.xsl
e:\program files\Comet\Products\Travel\travel.js
e:\program files\Comet\Products\Travel\travel_context.xml
e:\program files\Comet\Products\TravelButton\travelbutton.bmp
e:\program files\Comet\Products\WebButton\webbutton.bmp
e:\program files\Comet\Products\WebCursors\core.js
e:\program files\Comet\Services\43ProdConv.js
e:\program files\Comet\Services\AddRemove\addremove.htm
e:\program files\Comet\Services\AddRemove\addremove.js
e:\program files\Comet\Services\AddRemove\addremove_cc.js
e:\program files\Comet\Services\AddRemove\armask.gif
e:\program files\Comet\Services\AddRemove\arskin.gif
e:\program files\Comet\Services\AddRemove\cc3.ico
e:\program files\Comet\Services\AddRemove\strip.gif
e:\program files\Comet\Services\AddRemove\title_arui.gif
e:\program files\Comet\Services\AddRemove\titlelabel_ar.gif
e:\program files\Comet\Services\band.js
e:\program files\Comet\Services\brdwnld.js
e:\program files\Comet\Services\cnfmgr.js
e:\program files\Comet\Services\context.js
e:\program files\Comet\Services\controlpanel.js
e:\program files\Comet\Services\license.js
e:\program files\Comet\Services\License\adzap.lic
e:\program files\Comet\Services\logging.js
e:\program files\Comet\Services\LogQueue\p000058B6_o00754C00_logging_1119037237640_1.xml
e:\program files\Comet\Services\masterconfig.xml
e:\program files\Comet\Services\Messaging\Base\1line_left.gif
e:\program files\Comet\Services\Messaging\Base\1line_left_mask.gif
e:\program files\Comet\Services\Messaging\Base\1line_left_small.gif
e:\program files\Comet\Services\Messaging\Base\1line_left_small_mask.gif
e:\program files\Comet\Services\Messaging\Base\1line_right.gif
e:\program files\Comet\Services\Messaging\Base\1line_right_mask.gif
e:\program files\Comet\Services\Messaging\Base\1line_right_small.gif
e:\program files\Comet\Services\Messaging\Base\1line_right_small_mask.gif
e:\program files\Comet\Services\Messaging\Base\2line_left.gif
e:\program files\Comet\Services\Messaging\Base\2line_left_mask.gif
e:\program files\Comet\Services\Messaging\Base\2line_left_small.gif
e:\program files\Comet\Services\Messaging\Base\2line_left_small_mask.gif
e:\program files\Comet\Services\Messaging\Base\2line_right.gif
e:\program files\Comet\Services\Messaging\Base\2line_right_mask.gif
e:\program files\Comet\Services\Messaging\Base\2line_right_small.gif
e:\program files\Comet\Services\Messaging\Base\2line_right_small_mask.gif
e:\program files\Comet\Services\Messaging\Base\3line_left.gif
e:\program files\Comet\Services\Messaging\Base\3line_left_mask.gif
e:\program files\Comet\Services\Messaging\Base\3line_left_small.gif
e:\program files\Comet\Services\Messaging\Base\3line_left_small_mask.gif
e:\program files\Comet\Services\Messaging\Base\3line_right.gif
e:\program files\Comet\Services\Messaging\Base\3line_right_mask.gif
e:\program files\Comet\Services\Messaging\Base\3line_right_small.gif
e:\program files\Comet\Services\Messaging\Base\3line_right_small_mask.gif
e:\program files\Comet\Services\Messaging\Base\defaultbuttonmessage.xml
e:\program files\Comet\Services\Messaging\Base\message.js
e:\program files\Comet\Services\Messaging\Campaigns\AdZap\band_bubble.gif
e:\program files\Comet\Services\Messaging\Campaigns\AdZap\band_bubble_mask.gif
e:\program files\Comet\Services\Messaging\Campaigns\AdZap\bandmessage.xml
e:\program files\Comet\Services\Messaging\Campaigns\AdZap\buttonmessage.xml
e:\program files\Comet\Services\Messaging\Campaigns\dir_maker.txt
e:\program files\Comet\Services\Messaging\Listeners\adzap_0001.js
e:\program files\Comet\Services\Messaging\Listeners\travel_0001.js
e:\program files\Comet\Services\Messaging\messaging.js
e:\program files\Comet\Services\Messaging\settings.xml
e:\program files\Comet\Services\tbmgr.js
e:\program files\Comet\Services\toolbar.js
e:\program files\Comet\Services\update.js
e:\program files\Comet\Services\utillauncher.js
e:\program files\Comet\Services\winutil.js
e:\program files\Comet\Temp\43ProdDlls.exe
e:\program files\Comet\Temp\intro.js
e:\program files\Comet\Uninstall Comet Cursor Plus.lnk
e:\program files\Comet\Uninstall\un_adzap.xml
e:\program files\Comet\Uninstall\un_autosearch.xml
e:\program files\Comet\Uninstall\un_errorsearch.xml
e:\program files\Comet\Uninstall\un_funbutton.xml
e:\program files\Comet\Uninstall\un_funcursors.xml
e:\program files\Comet\Uninstall\un_platform.xml
e:\program files\Comet\Uninstall\un_refbutton.xml
e:\program files\Comet\Uninstall\un_relatedsearch.xml
e:\program files\Comet\Uninstall\un_searchassist.xml
e:\program files\Comet\Uninstall\un_shopbutton.xml
e:\program files\Comet\Uninstall\un_travel.xml
e:\program files\Comet\Uninstall\un_travelbutton.xml
e:\program files\Comet\Uninstall\un_webbutton.xml
e:\program files\Comet\Uninstall\un_webcursors.xml
e:\program files\Comet\Update\convsrch.exe
e:\program files\Comet\Update\luiclient.js
e:\program files\DownloadWare
e:\program files\DownloadWare\Cfg\1262.pid
e:\program files\DownloadWare\Cfg\1382.pid
e:\program files\DownloadWare\Cfg\172.dl
e:\program files\DownloadWare\Cfg\194.dl
e:\program files\DownloadWare\Cfg\201.dl
e:\program files\DownloadWare\Cfg\217.dl
e:\program files\DownloadWare\Cfg\235.dl
e:\program files\DownloadWare\Cfg\236.dl
e:\program files\DownloadWare\Cfg\264.dl
e:\program files\DownloadWare\Cfg\266.dl
e:\program files\DownloadWare\Cfg\267.dl
e:\program files\DownloadWare\Cfg\268.dl
e:\program files\DownloadWare\Cfg\global.cfg
e:\program files\DownloadWare\Cfg\status.cfg
e:\program files\DownloadWare\Cfg\user.cfg
e:\program files\DownloadWare\Downloads\201.dat
e:\program files\DownloadWare\Downloads\217.dat
e:\program files\DownloadWare\Downloads\236.dat
e:\program files\DownloadWare\Downloads\264.dat
e:\program files\DownloadWare\Downloads\267.dat
e:\program files\DownloadWare\Downloads\268.dat
e:\program files\DownloadWare\dw.exe.{70d0ab1e-a4cf-4e28-82ef-322ce26ddfe8}.QQQ
e:\program files\DownloadWare\Temp\cdm.exe
e:\program files\DownloadWare\Temp\seinst.exe
e:\program files\DownloadWare\Temp\tn.exe
e:\program files\iWon
e:\program files\iWon\iWonBar\1.bin\IWON2NS.EXE
e:\program files\iWon\iWonBar\1.bin\IWONBAR.DLL
e:\program files\iWon\iWonBar\1.bin\UNINSTALL.INF
e:\program files\iWon\iWonBar\Cache\0025C9C7.jsp
e:\program files\iWon\iWonBar\Cache\0025EF83.bmp
e:\program files\iWon\iWonBar\Cache\0025FB52.bmp
e:\program files\iWon\iWonBar\Cache\00260201.bmp
e:\program files\iWon\iWonBar\Cache\00260C4D.bmp
e:\program files\iWon\iWonBar\Cache\002618FA.bmp
e:\program files\iWon\iWonBar\Cache\00261D42.bmp
e:\program files\iWon\iWonBar\Cache\002622A6.bmp
e:\program files\iWon\iWonBar\Cache\files.ini
e:\program files\iWon\iWonSlot\3.bin\IWONSLOT.DLL
e:\program files\iWon\iWonSlot\3.bin\PM3.ICO
e:\program files\iWon\iWonSlot\3.bin\UNINSTALL.INF
e:\program files\iWon\iWonSlot\Cache\00136D49.bmp
e:\program files\iWon\iWonSlot\Cache\00137602.bmp
e:\program files\iWon\iWonSlot\Cache\00137C8D.bmp
e:\program files\iWon\iWonSlot\Cache\001384A4.bmp
e:\program files\iWon\iWonSlot\Cache\00138F92.bmp
e:\program files\iWon\iWonSlot\Cache\001398A0.bmp
e:\program files\iWon\iWonSlot\Cache\00139ECF.bmp
e:\program files\iWon\iWonSlot\Cache\0016BDAB.bmp
e:\program files\iWon\iWonSlot\Cache\0016C674.bmp
e:\program files\iWon\iWonSlot\Cache\0016D23E.bmp
e:\program files\iWon\iWonSlot\Cache\0016E0AD.bmp
e:\program files\iWon\iWonSlot\Cache\0016ED02.bmp
e:\program files\iWon\iWonSlot\Cache\00170248.bmp
e:\program files\iWon\iWonSlot\Cache\00170C87.bmp
e:\program files\iWon\iWonSlot\Cache\00172539.bmp
e:\program files\iWon\iWonSlot\Cache\00172F7D.bmp
e:\program files\iWon\iWonSlot\Cache\001761FE.bmp
e:\program files\iWon\iWonSlot\Cache\0017989B.bmp
e:\program files\iWon\iWonSlot\Cache\0017A8C7.bmp
e:\program files\iWon\iWonSlot\Cache\0017C671.bmp
e:\program files\iWon\iWonSlot\Cache\0017DB2F.wav
e:\program files\iWon\iWonSlot\Cache\0017F403.wav
e:\program files\iWon\iWonSlot\Cache\00182D6F.wav
e:\program files\iWon\iWonSlot\Cache\00184328.wav
e:\program files\iWon\iWonSlot\Cache\002B2F77.bmp
e:\program files\iWon\iWonSlot\Cache\002B3FAD.bmp
e:\program files\iWon\iWonSlot\Cache\03894989.bmp
e:\program files\iWon\iWonSlot\Cache\03895423.bmp
e:\program files\iWon\iWonSlot\Cache\04220E37.jsp
e:\program files\iWon\iWonSlot\Cache\0422181D.bmp
e:\program files\iWon\iWonSlot\Cache\04221FF3.bmp
e:\program files\iWon\iWonSlot\Cache\042226F5.bmp
e:\program files\iWon\iWonSlot\Cache\04223510.bmp
e:\program files\iWon\iWonSlot\Cache\04223BEB.bmp
e:\program files\iWon\iWonSlot\Cache\042246DB.bmp
e:\program files\iWon\iWonSlot\Cache\04224F10.bmp
e:\program files\iWon\iWonSlot\Cache\04225BD9.bmp
e:\program files\iWon\iWonSlot\Cache\04226B68.bmp
e:\program files\iWon\iWonSlot\Cache\04227AE4.bmp
e:\program files\iWon\iWonSlot\Cache\04270545
e:\program files\iWon\iWonSlot\Cache\057DCA41.bmp
e:\program files\iWon\iWonSlot\Cache\057DD0A8.bmp
e:\program files\iWon\iWonSlot\Cache\057DD7EB.bmp
e:\program files\iWon\iWonSlot\Cache\057DDE62.bmp
e:\program files\iWon\iWonSlot\Cache\057DE8E4.bmp
e:\program files\iWon\iWonSlot\Cache\057DF525.bmp
e:\program files\iWon\iWonSlot\Cache\057E02F8.bmp
e:\program files\iWon\iWonSlot\Cache\057E0AE9.bmp
e:\program files\iWon\iWonSlot\Cache\057E136A.bmp
e:\program files\iWon\iWonSlot\Cache\057E25C5.bmp
e:\program files\iWon\iWonSlot\Cache\057E2F89.bmp
e:\program files\iWon\iWonSlot\Cache\057E38FE.bmp
e:\program files\iWon\iWonSlot\Cache\057E40D0.bmp
e:\program files\iWon\iWonSlot\Cache\057E52FE.bmp
e:\program files\iWon\iWonSlot\Cache\057E5E24.bmp
e:\program files\iWon\iWonSlot\Cache\057E6B17.bmp
e:\program files\iWon\iWonSlot\Cache\057E717F.bmp
e:\program files\iWon\iWonSlot\Cache\057E8084.bmp
e:\program files\iWon\iWonSlot\Cache\057E88AA.bmp
e:\program files\iWon\iWonSlot\Cache\057ED538.bmp
e:\program files\iWon\iWonSlot\Cache\057F3921.bmp
e:\program files\iWon\iWonSlot\Cache\057FB5E0.bmp
e:\program files\iWon\iWonSlot\Cache\057FCB3F.bmp
e:\program files\iWon\iWonSlot\Cache\057FD4B3.bmp
e:\program files\iWon\iWonSlot\Cache\057FDEE1.bmp
e:\program files\iWon\iWonSlot\Cache\057FE9C7.bmp
e:\program files\iWon\iWonSlot\Cache\057FFC0D.bmp
e:\program files\iWon\iWonSlot\Cache\0580389B.bmp
e:\program files\iWon\iWonSlot\Cache\05808C2D.bmp
e:\program files\iWon\iWonSlot\Cache\0580AC3C.bmp
e:\program files\iWon\iWonSlot\Cache\05810774.bmp
e:\program files\iWon\iWonSlot\Cache\0581812E.bmp
e:\program files\iWon\iWonSlot\Cache\0581E3E7.bmp
e:\program files\iWon\iWonSlot\Cache\0581FD1A.bmp
e:\program files\iWon\iWonSlot\Cache\05822916
e:\program files\iWon\iWonSlot\Cache\08A9EC57.bmp
e:\program files\iWon\iWonSlot\Cache\08A9F8C6.bmp
e:\program files\iWon\iWonSlot\Cache\08AA0391.bmp
e:\program files\iWon\iWonSlot\Cache\08AA0F98.bmp
e:\program files\iWon\iWonSlot\Cache\08AA17B8.bmp
e:\program files\iWon\iWonSlot\Cache\08AA247C.bmp
e:\program files\iWon\iWonSlot\Cache\08AA3587.bmp
e:\program files\iWon\iWonSlot\Cache\08AA3D00.bmp
e:\program files\iWon\iWonSlot\Cache\08AA4425.bmp
e:\program files\iWon\iWonSlot\Cache\09CDFBD9.bmp
e:\program files\iWon\iWonSlot\Cache\09CE0978.bmp
e:\program files\iWon\iWonSlot\Cache\09CE13AD.bmp
e:\program files\iWon\iWonSlot\Cache\09CE23CC.bmp
e:\program files\iWon\iWonSlot\Cache\09CE2E9B.bmp
e:\program files\iWon\iWonSlot\Cache\09CE3F42.bmp
e:\program files\iWon\iWonSlot\Cache\09CE484A.bmp
e:\program files\iWon\iWonSlot\Cache\09CE5A6E.bmp
e:\program files\iWon\iWonSlot\Cache\09CE654F.bmp
e:\program files\iWon\iWonSlot\Cache\0A6D6100.bmp
e:\program files\iWon\iWonSlot\Cache\0A6D6A10.bmp
e:\program files\iWon\iWonSlot\Cache\0A6D750F.bmp
e:\program files\iWon\iWonSlot\Cache\0A6D7EB8.bmp
e:\program files\iWon\iWonSlot\Cache\0B1F7B2A
e:\program files\iWon\iWonSlot\Cache\0D585652.bmp
e:\program files\iWon\iWonSlot\Cache\0F04FCAB.bmp
e:\program files\iWon\iWonSlot\Cache\0F052D39.bmp
e:\program files\iWon\iWonSlot\Cache\102ABE49.bmp
e:\program files\iWon\iWonSlot\Cache\102AC6CC.bmp
e:\program files\iWon\iWonSlot\Cache\102ACEC2.bmp
e:\program files\iWon\iWonSlot\Cache\102AD638.bmp
e:\program files\iWon\iWonSlot\Cache\102ADE8A.bmp
e:\program files\iWon\iWonSlot\Cache\102AE6F0.bmp
e:\program files\iWon\iWonSlot\Cache\102AF00D.bmp
e:\program files\iWon\iWonSlot\Cache\102AF9F1.bmp
e:\program files\iWon\iWonSlot\Cache\102B0334.bmp
e:\program files\iWon\iWonSlot\Cache\102B0D79.bmp
e:\program files\iWon\iWonSlot\Cache\102B17C8.bmp
e:\program files\iWon\iWonSlot\Cache\102B2292.bmp
e:\program files\iWon\iWonSlot\Cache\102B2BBF.bmp
e:\program files\iWon\iWonSlot\Cache\102B3609.bmp
e:\program files\iWon\iWonSlot\Cache\102B4316.bmp
e:\program files\iWon\iWonSlot\Cache\102B4E08.wav
e:\program files\iWon\iWonSlot\Cache\102B5A40.wav
e:\program files\iWon\iWonSlot\Cache\102B6F6C.wav
e:\program files\iWon\iWonSlot\Cache\102B7ACD.wav
e:\program files\iWon\iWonSlot\Cache\1524B88A.bmp
e:\program files\iWon\iWonSlot\Cache\15280A50
e:\program files\iWon\iWonSlot\Cache\152946E6
e:\program files\iWon\iWonSlot\Cache\27BEA371.jsp
e:\program files\iWon\iWonSlot\Cache\61845CE2.bmp
e:\program files\iWon\iWonSlot\Cache\618466D8.bmp
e:\program files\iWon\iWonSlot\Cache\618470F7.bmp
e:\program files\iWon\iWonSlot\Cache\61847989.bmp
e:\program files\iWon\iWonSlot\Cache\61848382.bmp
e:\program files\iWon\iWonSlot\Cache\61848E29.bmp
e:\program files\iWon\iWonSlot\Cache\6184981C.bmp
e:\program files\iWon\iWonSlot\Cache\6184A4E4.bmp
e:\program files\iWon\iWonSlot\Cache\6184AEBE.bmp
e:\program files\iWon\iWonSlot\Cache\files.ini
e:\program files\iWon\iWonSlot\PM3.ico
e:\program files\NaviSearch
e:\program files\NaviSearch\ad.dat
e:\program files\NaviSearch\bin\nls.exe
e:\program files\NaviSearch\nls8034.exe
e:\program files\NaviSearch\nls8036.exe
e:\program files\NaviSearch\t1110047353.dec
e:\program files\NaviSearch\t1111978079.dec
e:\program files\NaviSearch\t1114554081.dec
e:\program files\NaviSearch\ub.dat
e:\program files\NaviSearch\Uninstall.exe
e:\program files\se
e:\program files\se\Data\app.dat
e:\program files\se\Data\bm.dat
e:\program files\se\v11\se.DLL
e:\program files\se\v11\se.EXE
e:\program files\STC
e:\program files\STC\bookedspace.exe
e:\program files\STC\BundleOuter2601031121.exe
e:\program files\STC\CSV5P070.exe.{6531e5ea-e660-481d-bb4f-5dd9128e1c57}.QQQ
e:\program files\STC\mindset.exe
e:\program files\STC\qoologic.exe
e:\program files\STC\slmss.exe.{f640ca51-086a-43f6-96a5-a1b42197ba9d}.QQQ
e:\program files\STC\spywarelabs.exe
e:\program files\STC\STC.exe
e:\program files\STC\tvmedia.exe
e:\program files\STC\vt_install.exe
e:\program files\STC\webrebates.exe
e:\windows\bargain3.exe
e:\windows\dez.exe
e:\windows\dwcg2.exe
e:\windows\extract.exe
e:\windows\msbb.exe
e:\windows\msbbhook.dll
e:\windows\msbbi.exe
e:\windows\rgrt.exe
e:\windows\systb.dll
e:\windows\SYSTEM\adimage.dll
e:\windows\SYSTEM\exdl.exe
e:\windows\SYSTEM\exdl0.exe
e:\windows\SYSTEM\exdl1.exe
e:\windows\SYSTEM\exdl2.exe
e:\windows\SYSTEM\exdl3.exe
e:\windows\SYSTEM\exul.exe
e:\windows\SYSTEM\exul1.exe
e:\windows\SYSTEM\exul2.exe
e:\windows\SYSTEM\exul3.exe
e:\windows\SYSTEM\htmdeng.exe
e:\windows\SYSTEM\ipcclient.dll
e:\windows\SYSTEM\javexulm.vxd
e:\windows\SYSTEM\mqexdlm.srg
e:\windows\SYSTEM\MSBE.DLL
e:\windows\SYSTEM\mscb.dll
e:\windows\SYSTEM\msipcsv.exe
e:\windows\SYSTEM\nvms.dll
e:\windows\SYSTEM\stcloader.exe
e:\windows\SYSTEM\tfde.dll
e:\windows\TEMP\AornumSP.exe
e:\windows\TEMP\i1BarStp.exe
e:\windows\TEMP\nst1325.EXE
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\adp8038f[1].exe
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\cb8034[1].exe
e:\windows\Temporary Internet Files\Content.IE5\0T6R4PIR\mindset[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\bbi8033[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8034[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\cb8036[2].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\loader[1].exe
e:\windows\Temporary Internet Files\Content.IE5\4HIJ0LQ3\webrebates[1].exe
e:\windows\Temporary Internet Files\Content.IE5\CPEF4HMF\qoologic[1].exe
e:\windows\Temporary Internet Files\Content.IE5\GFG7EP87\bbi8032[1].exe
e:\windows\Temporary Internet Files\Content.IE5\HRAKUVEO\nls8034[1].exe
e:\windows\wdskctl.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 03:12 . 2009-02-15 03:12 <DIR> d-------- C:\INSURANCE AGENTS NEEDED FOR SUCCESSFUL FAST GROWING AGENCY_files
2009-02-15 03:12 . 2009-02-15 03:12 4,389 --a------ C:\INSURANCE AGENTS NEEDED FOR SUCCESSFUL FAST GROWING AGENCY.htm
2009-02-14 17:00 . 2009-02-14 17:00 82,038 --a------ C:\Letter_From_Sprint.rtf
2009-02-13 01:59 . 2009-02-15 16:53 2,923,783 -ra------ C:\ComboFix.exe
2009-02-10 18:34 . 2009-02-10 18:34 <DIR> d-------- C:\TELEMARKETING_files
2009-02-10 18:34 . 2009-02-10 18:34 4,140 --a------ C:\TELEMARKETING.htm
2009-02-10 02:42 . 2009-02-10 02:42 197 --a------ c:\windows\system32\MRT.INI
2009-02-08 12:21 . 2009-02-08 13:00 <DIR> d-------- C:\Sansa
2009-02-06 19:19 . 2009-02-06 19:19 <DIR> d-------- c:\program files\ERUNT
2009-02-03 23:13 . 2009-02-03 23:13 <DIR> d-------- c:\program files\The Weather Channel FW
2009-02-03 21:26 . 2009-02-03 21:26 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-03 21:23 . 2009-02-03 21:23 <DIR> d-------- c:\program files\Real
2009-02-03 19:12 . 2009-02-03 19:12 13,408 --a------ C:\2008_Federal_FAFSA.pdf
2009-02-02 23:43 . 2009-02-02 23:43 2,402,775 --a------ C:\mycheckbook-setup.exe
2009-01-31 13:12 . 2009-01-31 13:10 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-28 19:13 . 2009-01-28 19:13 <DIR> d-------- c:\program files\Opera
2009-01-15 14:31 . 2009-01-15 14:31 40,960 --a------ c:\windows\system32\jqgehrdy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 20:57 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 02:26 --------- d-----w c:\program files\Common Files\Real
2009-02-04 02:25 --------- d-----w c:\program files\Common Files\csshare
2009-02-03 04:56 --------- d-----w c:\program files\Document
2009-02-02 07:09 --------- d-----w c:\program files\icuii
2009-01-31 18:10 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-31 18:10 --------- d-----w c:\program files\Java
2009-01-13 20:47 --------- d-----w c:\documents and settings\Brittany\Application Data\DivX
2009-01-08 02:19 --------- d-----w c:\documents and settings\Joseph\Application Data\DivX
2009-01-07 05:22 --------- d-----w c:\program files\DivX
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-20 05:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 04:55 --------- d-----w c:\program files\Trend Micro
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-02-13_ 2.09.22.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-14-2009\ERDNT.EXE
+ 2009-02-14 19:52:00 8,470,528 ----a-w c:\windows\ERDNT\AutoBackup\2-14-2009\Users\00000001\NTUSER.DAT
+ 2009-02-14 19:52:02 274,432 ----a-w c:\windows\ERDNT\AutoBackup\2-14-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-15-2009\ERDNT.EXE
+ 2009-02-15 19:26:30 8,470,528 ----a-w c:\windows\ERDNT\AutoBackup\2-15-2009\Users\00000001\NTUSER.DAT
+ 2009-02-15 19:26:30 274,432 ----a-w c:\windows\ERDNT\AutoBackup\2-15-2009\Users\00000002\UsrClass.dat
+ 2009-02-15 19:26:20 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_684.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"Google Update"="c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-06 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-12 71328]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2006-06-06 202032]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-05-28 100056]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-31 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-03 185896]

c:\documents and settings\Don\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-11-25 303104]
Google Updater.lnk.disabled [2007-08-13 920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSMPSVC]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 MPSHLPR;MPSHLPR;c:\windows\system32\drivers\mpshlpr.sys [2006-02-09 107008]
R2 MPSDrv;MPSDrv;c:\windows\system32\drivers\mpsdrv.sys [2006-02-09 83200]
R2 mpssvc;Microsoft Protection Service;c:\program files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe [2006-02-09 838888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-26 24652]
S3 PciTest;WinMTA PCI Service;c:\windows\system32\drivers\pcitest.sys [2004-05-10 6912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f81e8f3-9253-11dd-9353-00038a000015}]
\Shell\AutoRun\command - e:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - e:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1007.job
- c:\documents and settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 00:33]

2009-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-826549902-1532422000-2314379556-1008.job
- c:\documents and settings\Brittany\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-22 13:25]

2005-03-28 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Cindy.job
- c:\progra~1\NORTON~1\NAVW32.EXE [2003-12-04 17:22]

2009-02-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\Navw32.exe [2003-12-04 17:22]

2009-02-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-18 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
uInternet Connection Wizard,ShellNext = hxxp://www.viewpoint.com/landing/v37b.html
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\g0x035vn.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 17:02:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-15 17:06:00
ComboFix-quarantined-files.txt 2009-02-15 22:05:41
ComboFix2.txt 2009-02-14 20:19:08
ComboFix3.txt 2009-02-13 22:47:58
ComboFix4.txt 2009-02-13 07:11:56
ComboFix5.txt 2009-02-15 21:54:14

Pre-Run: 3,503,271,936 bytes free
Post-Run: 3,534,696,448 bytes free

688 --- E O F --- 2009-02-11 22:03:19






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:29 PM, on 2/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.viewpoint.com/landing/v37b.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Don\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Google Updater.lnk.disabled
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.10/WinSSWebAgent.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) -
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8891 bytes
 
Fantastic!
No, things seem fine and whereas Firefox and IE were screwed up before, now they seem to be back to normal.
THANK YOU!!!! :bigthumb:

I really appreciate your willingness to help out! It's very remarkable!
 
Great :)

You are running two antiviruses, Microsoft and norton.

Are both up-to-date?
 
OK, please then uninstall those, install McAfee and post back a fresh hijackthis log :)
 
You must log in or register to reply here.
Back
Top