Popups and can't turn on Automatic Update

Thanks in advance for any help. I'm getting random popups in Internet Explorer, my Microsoft Automatic Update keeps shutting itself off, my firewall keeps blocking randomly-named programs, and I can't read any mail in my hotmail account. Other than that, my computer is just fine.

I'm only using Microsoft OneCare, and it seems to think that nothing is wrong. (Although it keeps popping up to tell me that Automatic Update has been turned off.)

I've backed up my system registry.

My HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:57 AM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Shawn\My Documents\download\open\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (no name) - {0650fe3f-a8d5-4257-aa41-b07021108d35} - C:\WINDOWS\system32\worufuvu.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {222c2c6c-7862-47c1-b108-2c3a7408759e} - C:\WINDOWS\system32\binupuji.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [wizafumifa] Rundll32.exe "C:\WINDOWS\system32\dupakoti.dll",s
O4 - HKLM\..\Run: [CPMc76aebb6] Rundll32.exe "c:\windows\system32\satulosu.dll",a
O4 - HKLM\..\Run: [c459d82a] rundll32.exe "C:\WINDOWS\system32\ruzunife.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [wizafumifa] Rundll32.exe "C:\WINDOWS\system32\dupakoti.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wizafumifa] Rundll32.exe "C:\WINDOWS\system32\dupakoti.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Lisa')
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1008\..\Run: [wizafumifa] Rundll32.exe "C:\WINDOWS\system32\dupakoti.dll",s (User 'Lisa')
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1008\..\Run: [c459d82a] rundll32.exe "C:\WINDOWS\system32\wenigewe.dll",b (User 'Lisa')
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1008\..\Run: [CPMc76aebb6] Rundll32.exe "c:\windows\system32\memuviso.dll",a (User 'Lisa')
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Adam')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222309078281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\nehuvuri.dll C:\WINDOWS\system32\wujuleza.dll c:\windows\system32\satulosu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\satulosu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\satulosu.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Sundoihe - Sun Microsystems, Inc. - C:\WINDOWS\system32\javaw.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9734 bytes

Hi snagswolf


Your system is infected.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


Generate an Uninstall List

* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.

Wow, thanks for the quick reply!

Ok, did a manual install of the Recovery Console, and then ran ComboFix. Here is the log:

ComboFix 09-04-21.06 - Shawn 04/20/2009 17:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.276 [GMT -4:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Shawn\Application Data\inst.exe
c:\windows\system32\efinuzur.ini
c:\windows\system32\efinuzur.tmp
c:\windows\system32\efinuzur.tmp2
c:\windows\system32\ejizokeb.ini
c:\windows\system32\etayevek.ini
c:\windows\system32\eweginew.ini
c:\windows\system32\eweginew.ini2
c:\windows\system32\eweginew.tmp
c:\windows\system32\ibofivuz.ini
c:\windows\system32\idalapey.ini
c:\windows\system32\idalapey.ini2
c:\windows\system32\idalapey.tmp
c:\windows\system32\iloneluh.ini
c:\windows\system32\ilowoyuw.ini
c:\windows\system32\itureguw.ini
c:\windows\system32\izijahoy.ini
c:\windows\system32\jibogosu.dll
c:\windows\system32\niyihifi.dll
c:\windows\system32\onofavan.ini
c:\windows\system32\opusanug.ini
c:\windows\system32\pudovori.dll
c:\windows\system32\sehajiwi.dll
c:\windows\system32\suzisuha.dll
c:\windows\system32\wenigewe.dll
c:\windows\system32\wugeruti.dll
c:\windows\system32\yepaladi.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.

2009-04-20 20:38 . 2009-04-20 20:38 8704 ----a-w c:\windows\instsp2.exe
2009-04-19 11:21 . 2009-04-19 11:22 -------- d-----w c:\program files\ERUNT
2009-04-15 19:07 . 2009-04-15 19:07 48 ----a-w c:\windows\wininit.ini
2009-04-14 19:16 . 2009-04-14 19:16 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-01 22:44 . 2009-04-01 22:44 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-01 22:31 . 2009-04-01 22:32 -------- dc-h--w c:\windows\ie8
2009-03-25 19:44 . 2009-03-25 19:44 -------- d-----w c:\documents and settings\Ryan\Application Data\Ulead Systems
2009-03-24 19:38 . 2008-04-13 18:46 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-03-24 19:38 . 2008-04-13 18:46 38912 ----a-w c:\windows\system32\drivers\avc.sys
2009-03-24 19:38 . 2008-04-13 18:46 48128 -c--a-w c:\windows\system32\dllcache\61883.sys
2009-03-24 19:38 . 2008-04-13 18:46 48128 ----a-w c:\windows\system32\drivers\61883.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 20:54 . 2008-12-29 17:11 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-20 20:38 . 2009-01-20 20:38 63488 --sha-w c:\windows\system32\jeyanoyu.exe
2009-04-20 20:38 . 2009-01-20 20:38 99328 --sha-w c:\windows\system32\bohusika.dll
2009-04-20 20:38 . 2009-01-20 20:38 107520 --sha-w c:\windows\system32\kavunize.dll
2009-04-20 07:49 . 2008-10-26 05:41 -------- d-----w c:\program files\LimeWire
2009-04-20 07:49 . 2009-02-16 06:10 -------- d-----w c:\documents and settings\Adam\Application Data\LimeWire
2009-04-20 07:10 . 2009-01-20 07:10 107520 --sha-w c:\windows\system32\lejufomu.dll.vir
2009-04-20 07:10 . 2009-01-20 07:10 63488 --sha-w c:\windows\system32\tirujumu.exe
2009-04-20 07:10 . 2009-01-20 07:10 99328 --sha-w c:\windows\system32\gunasupo.dll
2009-04-19 19:09 . 2009-01-19 19:09 63488 --sha-w c:\windows\system32\kadavasu.exe
2009-04-19 19:09 . 2009-01-19 19:09 107520 --sha-w c:\windows\system32\sepowumu.dll
2009-04-19 07:09 . 2009-01-19 07:09 107520 --sha-w c:\windows\system32\satulosu.dll
2009-04-19 07:09 . 2009-01-19 07:09 63488 --sha-w c:\windows\system32\medizija.exe
2009-04-18 19:09 . 2009-01-18 19:09 99328 --sha-w c:\windows\system32\mipisifo.dll
2009-04-18 19:09 . 2009-01-18 19:09 63488 --sha-w c:\windows\system32\rogavove.exe
2009-04-18 19:09 . 2009-01-18 19:09 107520 --sha-w c:\windows\system32\memuviso.dll
2009-04-18 07:09 . 2009-01-18 07:09 107520 --sha-w c:\windows\system32\vefegonu.dll
2009-04-18 07:09 . 2009-01-18 07:09 99328 ------w c:\windows\system32\navafono.dll
2009-04-18 07:09 . 2009-01-18 07:09 63488 --sha-w c:\windows\system32\fujayagi.exe
2009-04-17 19:08 . 2009-01-17 19:08 99328 ------w c:\windows\system32\yohajizi.dll
2009-04-17 19:08 . 2009-01-17 19:08 107520 --sha-w c:\windows\system32\nevipepi.dll
2009-04-17 19:08 . 2009-01-17 19:08 63488 --sha-w c:\windows\system32\vunipoti.exe
2009-04-17 07:08 . 2009-01-17 07:08 107008 --sha-w c:\windows\system32\vosoleda.dll
2009-04-15 19:07 . 2009-01-15 19:07 99840 --sha-w c:\windows\system32\wuyowoli.dll
2009-04-15 07:07 . 2009-01-15 07:07 101888 ------w c:\windows\system32\bekozije.dll
2009-04-14 19:07 . 2009-01-14 19:07 69120 --sha-w c:\windows\system32\jijivafo.dll
2009-04-14 19:07 . 2009-01-14 19:07 101888 --sha-w c:\windows\system32\zuvifobi.dll
2009-04-14 07:06 . 2009-01-14 07:06 99840 --sha-w c:\windows\system32\keveyate.dll
2009-04-14 07:06 . 2009-01-14 07:06 65024 --sha-w c:\windows\system32\fagozatu.exe
2009-04-14 07:06 . 2009-01-14 07:06 109568 --sha-w c:\windows\system32\fanilupe.dll
2009-04-13 23:04 . 2009-01-26 21:51 -------- d-----w c:\documents and settings\Shawn\Application Data\Apple Computer
2009-04-13 22:08 . 2008-09-25 01:14 -------- d-----w c:\program files\Napster
2009-03-27 21:02 . 2008-10-03 20:35 84344 ----a-w c:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 09:29 . 2009-01-26 07:22 -------- d-----w c:\documents and settings\Adam\Application Data\uTorrent
2009-03-11 07:03 . 2008-09-26 00:43 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 08:34 . 2008-09-25 00:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2008-09-25 00:30 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2008-09-25 00:26 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2008-09-25 00:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2008-09-25 00:26 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2008-09-25 00:28 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2008-09-25 00:28 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2008-09-25 00:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2008-09-25 00:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2008-09-25 00:31 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 02:17 . 2008-11-21 22:41 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-01 12:54 . 2008-09-25 04:28 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 08:00 . 2009-01-26 22:18 -------- d-----w c:\documents and settings\Adam\Application Data\Apple Computer
2009-02-26 07:55 . 2008-10-02 16:00 84344 ----a-w c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-23 06:35 . 2009-02-23 06:35 -------- d-----w c:\documents and settings\Adam\Application Data\Ulead Systems
2009-02-22 12:49 . 2009-02-22 12:49 -------- d-----w c:\program files\AutoStitch
2009-02-21 05:05 . 2009-02-21 05:05 -------- d-----w c:\documents and settings\Lisa\Application Data\Ulead Systems
2009-02-21 05:04 . 2008-09-30 17:56 84344 ----a-w c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 23:20 . 2009-02-20 23:20 -------- d-----w c:\program files\TCWorks
2009-02-20 23:20 . 2008-09-25 01:19 -------- d-----w c:\program files\Common Files\Adobe
2009-02-20 23:12 . 2009-02-20 23:04 -------- d-----w c:\documents and settings\Shawn\Application Data\Ulead Systems
2009-02-20 23:07 . 2008-09-25 02:16 84344 ----a-w c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 23:04 . 2009-02-20 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-20 22:53 . 2009-02-20 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-20 22:53 . 2008-09-25 01:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 22:53 . 2009-02-20 22:53 -------- d-----w c:\program files\Windows Media Components
2009-02-20 22:51 . 2009-02-20 22:51 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-02-20 22:51 . 2009-02-20 22:51 -------- d-----w c:\program files\Ulead Systems
2009-02-20 22:51 . 2008-09-25 01:01 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 11:13 . 2008-09-25 00:33 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-25 18:57 . 2009-01-25 18:57 160263 ----a-w c:\windows\Sqirlz Morph Uninstaller.exe
2009-01-15 20:47 . 2009-01-15 20:47 414669 ----a-w c:\documents and settings\All Users\SPL25.tmp
2008-10-28 21:13 . 2008-09-25 04:48 47360 ----a-w c:\documents and settings\Shawn\Application Data\pcouffin.sys
2008-09-26 05:56 . 2008-09-26 05:40 24 --sh--w c:\windows\S4EA88343.tmp
2009-01-14 19:07 . 2009-01-14 19:07 69120 --sha-w c:\windows\system32\binupuji.dll
2009-01-14 19:07 . 2009-01-14 19:07 69120 --sha-w c:\windows\system32\dupakoti.dll
2006-05-03 09:06 . 2008-12-06 01:17 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-12-06 01:17 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-12-06 01:17 216064 --sh--r c:\windows\system32\nbDX.dll
2009-01-14 19:07 . 2009-01-14 19:07 69120 --sha-w c:\windows\system32\wujuleza.dll.vir
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{222c2c6c-7862-47c1-b108-2c3a7408759e}]
2009-01-14 19:07 69120 --sha-w c:\windows\system32\binupuji.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-09 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"wizafumifa"="c:\windows\system32\dupakoti.dll" [2009-01-14 69120]
"CPMc76aebb6"="c:\windows\system32\kavunize.dll" [2009-04-20 107520]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-9-24 1742384]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-25 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\kavunize.dll" [2009-04-20 107520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kavunize.dll [2009-04-20 107520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kavunize.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\wujuleza.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1222305373\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\explorer.exe"=

R3 Sundoihe;Sundoihe;c:\windows\system32\javaw.exe [2005-03-04 49250]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f689524-bffb-11dd-90ed-0013d3a36fa9}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0650fe3f-a8d5-4257-aa41-b07021108d35} - c:\windows\system32\worufuvu.dll
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-20 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3268)
c:\windows\system32\kavunize.dll
c:\windows\system32\dupakoti.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxcfcoms.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-20 17:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 21:33

Pre-Run: 12,656,324,608 bytes free
Post-Run: 17,577,021,440 bytes free

278 --- E O F --- 2009-04-01 22:18


Ran HijackThis, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:41 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shawn\My Documents\download\open\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {222c2c6c-7862-47c1-b108-2c3a7408759e} - C:\WINDOWS\system32\binupuji.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [wizafumifa] Rundll32.exe "C:\WINDOWS\system32\dupakoti.dll",s
O4 - HKLM\..\Run: [CPMc76aebb6] Rundll32.exe "c:\windows\system32\kavunize.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222309078281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\kavunize.dll,C:\WINDOWS\system32\wujuleza.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kavunize.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kavunize.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Sundoihe - Sun Microsystems, Inc. - C:\WINDOWS\system32\javaw.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8197 bytes


Here is the HijackThis Uninstall Manager list:

Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 ActiveX
Adobe MPEG Encoder
Adobe Photoshop CS
Adobe Premiere 6.5
Adobe Reader 7.0
Adobe Shockwave Player
Advanced RealMedia Export Plug-in for Premiere 6.0
America Online (Choose which version to remove)
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BigFix
Bonjour
CloneCD
Cool Edit Pro 2.0
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports Basic for Visual Studio 2008
Digital Media Reader
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
DVDx
eMedia Guitar Method
ERUNT 1.1j
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GTOneCare
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB952241)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Infragistics NetAdvantage for .NET 2008 Vol. 2 CLR 3.5 Help
Infragistics NetAdvantage for ASP.NET 2008 Vol. 2 CLR 3.5
iTunes
J2SE Runtime Environment 5.0 Update 2
Lexmark 730 Series
LimeWire 4.18.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Digital Image Starter Edition 2006
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows Live OneCare Resources v2.5.2900.24
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
Microsoft Windows OneCare Live v2.5.2900.24
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
MSDN Library for Visual Studio 2008 - ENU
MSDN Library for Visual Studio 2008 - ENU
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 7 Ultra Edition
Nero BurnRights
NHL® 08
Photo Viewer 2.4
POV-Ray for Windows v3.6.1b
PowerDVD
Pure Networks Port Magic
PX Engine
QuickTime
RealPlayer
Realtek AC'97 Audio
Retriever
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shockwave
Singing Coach
SoftV92 Data Fax Modem with SmartCP
Sqirlz Morph
SQLXML4
SUPER © Version 2008.bld.33 (Sep 2, 2008)
TC Native Essentials 2.02
TextPad
TurboCAD Deluxe 14
TurboCAD Symbols
Ulead VideoStudio SE DVD
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB2.0 Capture Device
Version 3.0a
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Windows Backup Utility
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Search 4.0
Windows XP Service Pack 3
WinZip
Xvid 1.1.3 final uninstall



I turned on OneCare's virus protection and firewall, and it looks like Automatic Updates are staying on, so far.

I REALLY appreciate your help here, Blade81. Thank you very much.

I'll check back and see if you have any other steps for me.

Whoops, spoke too soon. Automatic Updates have turned back off again on their own, and OneCare is complaining about it.

Hi

There's still bad stuff left there.

Upload following file to http://www.virustotal.com and post back the results:
c:\windows\system32\javaw.exe


IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:



Open notepad and copy/paste the text in the quotebox below into it:



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.

Thanks again for your timely response Blade81.

Whew, that took a while!

Ok, here's the result of virustotal.com:

======================================================================================

File javaw.exe received on 04.21.2009 23:30:29 (CET)
Current status: finished


Result: 0/40 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.21 -
AhnLab-V3 5.0.0.2 2009.04.21 -
AntiVir 7.9.0.148 2009.04.21 -
Antiy-AVL 2.0.3.1 2009.04.21 -
Authentium 5.1.2.4 2009.04.21 -
Avast 4.8.1335.0 2009.04.21 -
AVG 8.5.0.287 2009.04.21 -
BitDefender 7.2 2009.04.21 -
CAT-QuickHeal 10.00 2009.04.21 -
ClamAV 0.94.1 2009.04.21 -
Comodo 1124 2009.04.21 -
DrWeb 4.44.0.09170 2009.04.21 -
eSafe 7.0.17.0 2009.04.21 -
eTrust-Vet 31.6.6440 2009.04.20 -
F-Prot 4.4.4.56 2009.04.21 -
F-Secure 8.0.14470.0 2009.04.21 -
Fortinet 3.117.0.0 2009.04.21 -
GData 19 2009.04.21 -
Ikarus T3.1.1.49.0 2009.04.21 -
K7AntiVirus 7.10.710 2009.04.21 -
Kaspersky 7.0.0.125 2009.04.21 -
McAfee 5591 2009.04.21 -
McAfee+Artemis 5591 2009.04.21 -
McAfee-GW-Edition 6.7.6 2009.04.21 -
Microsoft 1.4602 2009.04.21 -
NOD32 4026 2009.04.21 -
Norman 6.00.06 2009.04.21 -
nProtect 2009.1.8.0 2009.04.21 -
Panda 10.0.0.14 2009.04.21 -
PCTools 4.4.2.0 2009.04.21 -
Prevx1 V2 2009.04.21 -
Rising 21.26.14.00 2009.04.21 -
Sophos 4.40.0 2009.04.21 -
Sunbelt 3.2.1858.2 2009.04.21 -
Symantec 1.4.4.12 2009.04.21 -
TheHacker 6.3.4.0.312 2009.04.21 -
TrendMicro 8.700.0.1004 2009.04.21 -
VBA32 3.12.10.2 2009.04.21 -
ViRobot 2009.4.21.1702 2009.04.21 -
VirusBuster 4.6.5.0 2009.04.21 -

Additional information

File size: 49250 bytes
MD5...: 1c2ee8afcec1025bba61242084f45b4a
SHA1..: f057e32c7fe152c5be9a429d379e7870384eab83
SHA256: 4732683b37a4d9bee513f3f231ba0cd236be5b3bf61a25d2d8f1240754ed2787
SHA512: 07a145b70dbb1fdd5ddc9428786e3e27e10f19bbf1da5b8db1ddf72450423558
5ea0a6be989e65b98562a88764d740c30060cd849246cbccd07adb5274c926b7
ssdeep: 768:RWXhxp6bl3g2B9xUAaI49BJUG/x6y97xP7kaD:RWXghxF43JULE

PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x642a
timedatestamp.....: 0x4228334b (Fri Mar 04 10:07:07 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x55c0 0x6000 6.20 e0a1c4a6040efe182b4c3a7bc52f8e00
.rdata 0x7000 0x86c 0x1000 2.70 d314d2fe0297277d0f5efeebfc074d81
.data 0x8000 0x2f54 0x3000 4.66 1075278f1aed6c7b888ad0f8fe03a550
.rsrc 0xb000 0x3e8 0x1000 1.05 f586b983314127dc8ceb6862ad48c2bc

( 4 imports )
> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegEnumKeyA, RegCloseKey
> USER32.dll: MessageBoxA
> MSVCRT.dll: free, perror, malloc, fclose, fwrite, fread, strncmp, fopen, strspn, strcspn, fgets, strchr, strrchr, __p___argc, __p___argv, exit, __p__environ, _putenv, printf, getenv, _pctype, sprintf, __mb_cur_max, calloc, _exit, _XcptFilter, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _iob, fprintf, memmove, strpbrk, __initenv, _isctype, _strnicmp, _stricmp, _strdup, _stat, _spawnv, _read, _close, _open, _lseek
> KERNEL32.dll: GetStartupInfoA, QueryPerformanceFrequency, GetModuleHandleA, GetModuleFileNameA, LoadLibraryA, GetProcAddress, QueryPerformanceCounter

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
======================================================================================


Next, I got rid of LimeWire.

Then, dropped the script file onto ComboFix. Didn't have to end any of the processes mentioned.

Here's the ComboFix log:

======================================================================================

ComboFix 09-04-22.02 - Shawn 04/21/2009 17:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.314 [GMT -4:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shawn\Desktop\CFScript.txt
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point

FILE ::
c:\documents and settings\All Users\SPL25.tmp
c:\windows\S4EA88343.tmp
c:\windows\system32\bekozije.dll
c:\windows\system32\binupuji.dll
c:\windows\system32\bohusika.dll
c:\windows\system32\dupakoti.dll
c:\windows\system32\fagozatu.exe
c:\windows\system32\fanilupe.dll
c:\windows\system32\fujayagi.exe
c:\windows\system32\gunasupo.dll
c:\windows\system32\jeyanoyu.exe
c:\windows\system32\jijivafo.dll
c:\windows\system32\kadavasu.exe
c:\windows\system32\kavunize.dll
c:\windows\system32\keveyate.dll
c:\windows\system32\lejufomu.dll.vir
c:\windows\system32\medizija.exe
c:\windows\system32\memuviso.dll
c:\windows\system32\mipisifo.dll
c:\windows\system32\navafono.dll
c:\windows\system32\nevipepi.dll
c:\windows\system32\rogavove.exe
c:\windows\system32\satulosu.dll
c:\windows\system32\sepowumu.dll
c:\windows\system32\tirujumu.exe
c:\windows\system32\vefegonu.dll
c:\windows\system32\vosoleda.dll
c:\windows\system32\vunipoti.exe
c:\windows\system32\wujuleza.dll.vir
c:\windows\system32\wuyowoli.dll
c:\windows\system32\yohajizi.dll
c:\windows\system32\zuvifobi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Adam\Application Data\LimeWire
c:\documents and settings\Adam\Application Data\LimeWire\.AppSpecialShare\Another Happy Ending.torrent
c:\documents and settings\Adam\Application Data\LimeWire\.AppSpecialShare\Between Now And Then.torrent
c:\documents and settings\Adam\Application Data\LimeWire\.AppSpecialShare\Styx-The Best Of Styx - 2008 - Zz.torrent
c:\documents and settings\Adam\Application Data\LimeWire\.AppSpecialShare\Styx-The Best Of Styx - 2008 - Zz.torrent.bak
c:\documents and settings\Adam\Application Data\LimeWire\active.mojito
c:\documents and settings\Adam\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Adam\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Adam\Application Data\LimeWire\downloads.dat
c:\documents and settings\Adam\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Adam\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Adam\Application Data\LimeWire\filters.props
c:\documents and settings\Adam\Application Data\LimeWire\gnutella.net
c:\documents and settings\Adam\Application Data\LimeWire\installation.props
c:\documents and settings\Adam\Application Data\LimeWire\library.dat
c:\documents and settings\Adam\Application Data\LimeWire\limewire.props
c:\documents and settings\Adam\Application Data\LimeWire\mojito.props
c:\documents and settings\Adam\Application Data\LimeWire\passive.mojito
c:\documents and settings\Adam\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Adam\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Adam\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Adam\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Adam\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Adam\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Adam\Application Data\LimeWire\questions.props
c:\documents and settings\Adam\Application Data\LimeWire\responses.cache
c:\documents and settings\Adam\Application Data\LimeWire\simpp.xml
c:\documents and settings\Adam\Application Data\LimeWire\simpp.xml45217tmp
c:\documents and settings\Adam\Application Data\LimeWire\spam.dat
c:\documents and settings\Adam\Application Data\LimeWire\tables.props
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Adam\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Adam\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Adam\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Adam\Application Data\LimeWire\version.xml
c:\documents and settings\Adam\Application Data\LimeWire\versions.props
c:\documents and settings\Adam\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Adam\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\Adam\Application Data\uTorrent
c:\documents and settings\Adam\Application Data\uTorrent\2007 - MK II (256k).torrent
c:\documents and settings\Adam\Application Data\uTorrent\2008 - Perpetual Flame.torrent
c:\documents and settings\Adam\Application Data\uTorrent\30 Seconds To Mars.torrent
c:\documents and settings\Adam\Application Data\uTorrent\ANBERLIN - DISCOGRAPHY [CHANNEL NEO].torrent
c:\documents and settings\Adam\Application Data\uTorrent\Avenged Sevenfold - Sounding the Seventh Trumpet.1.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Avenged Sevenfold - Sounding the Seventh Trumpet.torrent
c:\documents and settings\Adam\Application Data\uTorrent\dht.dat
c:\documents and settings\Adam\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\Don't You Fake It [Deluxe Edition].torrent
c:\documents and settings\Adam\Application Data\uTorrent\Dragonforce - Ultra Beatdown [2008].torrent
c:\documents and settings\Adam\Application Data\uTorrent\Guns N' Roses - Appetite For Destruction (1987) {Original} [EAC - Lame V0].torrent
c:\documents and settings\Adam\Application Data\uTorrent\Guns n' Roses - Chinese Democracy [2008].[MP3 CBR 320]-RoCK&BlueLadyRG.torrent
c:\documents and settings\Adam\Application Data\uTorrent\HEROES Season 3 Episode 1 to 6 by deathmule.torrent
c:\documents and settings\Adam\Application Data\uTorrent\HEROES SEASON 3 Episode 7 to 10 by deathmule.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Jason Mraz - We Sing We Dance We Steal Things [2008].torrent
c:\documents and settings\Adam\Application Data\uTorrent\Masterplan - 2003 - Masterplan.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Masterplan - 2005 - Aeronautics.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Masterplan - Masterplan 2003.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Motley Crue - Too Fast For Love {Original master} (1982) [EAC - VBR HQ mp3s].torrent
c:\documents and settings\Adam\Application Data\uTorrent\New Found Glory - Complete Discography [CHANNEL NEO].torrent
c:\documents and settings\Adam\Application Data\uTorrent\Papa_Roach-Metamorphosis-2009.[www.Mixermusic.net].torrent
c:\documents and settings\Adam\Application Data\uTorrent\resume.dat
c:\documents and settings\Adam\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\rss.dat
c:\documents and settings\Adam\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\settings.dat
c:\documents and settings\Adam\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Adam\Application Data\uTorrent\Sixx_A.M.-The_Heroin_Diaries-(Deluxe_Edition)-2CD-2008-MTD.torrent
c:\documents and settings\Adam\Application Data\uTorrent\The Used.torrent
c:\documents and settings\Adam\Application Data\uTorrent\Three Days Grace - discography.torrent
c:\documents and settings\All Users\SPL25.tmp
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid5360.log
c:\program files\LimeWire\hs_err_pid5892.log
c:\program files\LimeWire\hs_err_pid7860.log
c:\windows\system32\bekozije.dll
c:\windows\system32\binupuji.dll
c:\windows\system32\bohusika.dll
c:\windows\system32\dupakoti.dll
c:\windows\system32\fagozatu.exe
c:\windows\system32\fanilupe.dll
c:\windows\system32\fujayagi.exe
c:\windows\system32\gunasupo.dll
c:\windows\system32\jeyanoyu.exe
c:\windows\system32\jijivafo.dll
c:\windows\system32\kadavasu.exe
c:\windows\system32\kavunize.dll
c:\windows\system32\keveyate.dll
c:\windows\system32\lejufomu.dll.vir
c:\windows\system32\medizija.exe
c:\windows\system32\memuviso.dll
c:\windows\system32\mipisifo.dll
c:\windows\system32\navafono.dll
c:\windows\system32\nevipepi.dll
c:\windows\system32\omonegiy.ini
c:\windows\system32\rogavove.exe
c:\windows\system32\satulosu.dll
c:\windows\system32\sepowumu.dll
c:\windows\system32\tirujumu.exe
c:\windows\system32\vefegonu.dll
c:\windows\system32\vosoleda.dll
c:\windows\system32\vunipoti.exe
c:\windows\system32\wegumida.dll
c:\windows\system32\wujuleza.dll.vir
c:\windows\system32\wuyowoli.dll
c:\windows\system32\yohajizi.dll
c:\windows\system32\zuvifobi.dll
c:\windows\S4EA88343.tmp . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-21 22:09 . 2009-04-21 22:09 0 ------w c:\windows\S4EA88343.tmp
2009-04-21 13:35 . 2009-04-21 13:35 1408516 --sh--w c:\windows\system32\omonegiy.tmp
2009-04-20 20:38 . 2009-04-20 20:38 8704 ----a-w c:\windows\instsp2.exe
2009-04-19 11:21 . 2009-04-19 11:22 -------- d-----w c:\program files\ERUNT
2009-04-15 19:07 . 2009-04-21 20:39 86 ----a-w c:\windows\wininit.ini
2009-04-14 19:16 . 2009-04-14 19:16 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-01 22:44 . 2009-04-01 22:44 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-01 22:31 . 2009-04-01 22:32 -------- dc-h--w c:\windows\ie8
2009-03-25 19:44 . 2009-03-25 19:44 -------- d-----w c:\documents and settings\Ryan\Application Data\Ulead Systems
2009-03-24 19:38 . 2008-04-13 18:46 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-03-24 19:38 . 2008-04-13 18:46 38912 ----a-w c:\windows\system32\drivers\avc.sys
2009-03-24 19:38 . 2008-04-13 18:46 48128 -c--a-w c:\windows\system32\dllcache\61883.sys
2009-03-24 19:38 . 2008-04-13 18:46 48128 ----a-w c:\windows\system32\drivers\61883.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 22:14 . 2009-04-21 22:13 1399323 --sh--w c:\windows\system32\omonegiy.ini2
2009-04-21 20:39 . 2009-01-21 20:39 108032 --sha-w c:\windows\system32\liseruka.dll
2009-04-21 20:39 . 2009-01-21 20:39 64000 --sha-w c:\windows\system32\gaduvoma.exe
2009-04-21 08:39 . 2009-01-21 08:39 63488 --sha-w c:\windows\system32\yoguvesi.exe
2009-04-21 08:39 . 2009-01-21 08:39 99328 ------w c:\windows\system32\yigenomo.dll
2009-04-21 08:39 . 2009-01-21 08:39 107520 --sha-w c:\windows\system32\nugedezo.dll.vir
2009-04-20 23:14 . 2008-12-29 17:11 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-13 23:04 . 2009-01-26 21:51 -------- d-----w c:\documents and settings\Shawn\Application Data\Apple Computer
2009-04-13 22:08 . 2008-09-25 01:14 -------- d-----w c:\program files\Napster
2009-03-27 21:02 . 2008-10-03 20:35 84344 ----a-w c:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-11 07:03 . 2008-09-26 00:43 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 08:34 . 2008-09-25 00:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2008-09-25 00:30 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2008-09-25 00:26 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2008-09-25 00:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2008-09-25 00:26 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2008-09-25 00:28 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2008-09-25 00:28 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2008-09-25 00:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2008-09-25 00:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2008-09-25 00:31 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 02:17 . 2008-11-21 22:41 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-01 12:54 . 2008-09-25 04:28 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 08:00 . 2009-01-26 22:18 -------- d-----w c:\documents and settings\Adam\Application Data\Apple Computer
2009-02-26 07:55 . 2008-10-02 16:00 84344 ----a-w c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-23 06:35 . 2009-02-23 06:35 -------- d-----w c:\documents and settings\Adam\Application Data\Ulead Systems
2009-02-22 12:49 . 2009-02-22 12:49 -------- d-----w c:\program files\AutoStitch
2009-02-21 05:05 . 2009-02-21 05:05 -------- d-----w c:\documents and settings\Lisa\Application Data\Ulead Systems
2009-02-21 05:04 . 2008-09-30 17:56 84344 ----a-w c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 23:20 . 2009-02-20 23:20 -------- d-----w c:\program files\TCWorks
2009-02-20 23:20 . 2008-09-25 01:19 -------- d-----w c:\program files\Common Files\Adobe
2009-02-20 23:12 . 2009-02-20 23:04 -------- d-----w c:\documents and settings\Shawn\Application Data\Ulead Systems
2009-02-20 23:07 . 2008-09-25 02:16 84344 ----a-w c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 23:04 . 2009-02-20 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-20 22:53 . 2009-02-20 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-02-20 22:53 . 2008-09-25 01:02 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 22:53 . 2009-02-20 22:53 -------- d-----w c:\program files\Windows Media Components
2009-02-20 22:51 . 2009-02-20 22:51 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-02-20 22:51 . 2009-02-20 22:51 -------- d-----w c:\program files\Ulead Systems
2009-02-20 22:51 . 2008-09-25 01:01 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 11:13 . 2008-09-25 00:33 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-25 18:57 . 2009-01-25 18:57 160263 ----a-w c:\windows\Sqirlz Morph Uninstaller.exe
2008-10-28 21:13 . 2008-09-25 04:48 47360 ----a-w c:\documents and settings\Shawn\Application Data\pcouffin.sys
2006-05-03 09:06 . 2008-12-06 01:17 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-12-06 01:17 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-12-06 01:17 216064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-20_21.23.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 21:25 . 2009-04-21 21:25 16384 c:\windows\Temp\Perflib_Perfdata_820.dat
+ 2009-04-21 22:12 . 2009-04-21 22:12 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2009-04-21 22:09 . 2009-04-21 22:09 16384 c:\windows\Temp\Perflib_Perfdata_180.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-09 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"c459d82a"="c:\windows\system32\yigenomo.dll" [2009-04-21 99328]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-9-24 1742384]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-25 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1222305373\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

R3 Sundoihe;Sundoihe;c:\windows\system32\javaw.exe [2005-03-04 49250]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f689524-bffb-11dd-90ed-0013d3a36fa9}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 18:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\omonegiy.ini2 1399323 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\yigenomo.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxcfcoms.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-21 18:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 22:21
ComboFix2.txt 2009-04-20 21:33

Pre-Run: 9,809,444,864 bytes free
Post-Run: 17,547,558,912 bytes free

375 --- E O F --- 2009-04-01 22:18

======================================================================================

Uninstalled the Adobe Reader and installed the new version.

Uninstalled the Java Runtime. (Note: When I rebooted after uninstalling, the system decided to install 9 updates as the machine shut down, which I guess had been backed up since Automatic Updates hadn't been working. Not sure which updates were installed.)

Installed the latest Java Runtime.

Downloaded and ran the ATF Cleaner as instructed.

Ran the Kaspersky Online Scanner. The first time I ran it, the machine shut down in the middle of it. This happens frequently with my computer, and I'm not sure if it's software or hardward related.

Re-ran the Kaspersky Online Scanner. It ran overnight, and here's the log:

======================================================================================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, April 22, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 22, 2009 02:42:33
Records in database: 2067570
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 431542
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 04:13:34


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\bohusika.dll.vir Infected: Trojan.Win32.Monder.byqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\keveyate.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mipisifo.dll.vir Infected: Trojan.Win32.Monder.byqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wegumida.dll.vir Infected: Trojan.Win32.Monder.byqu 1
D:\i386\Apps\App03130\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

======================================================================================

Then ran HijackThis, and here's the log:

======================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:35:55 AM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shawn\My Documents\download\open\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [c459d82a] rundll32.exe "C:\WINDOWS\system32\yigenomo.dll",b
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222309078281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Sundoihe - Sun Microsystems, Inc. - C:\WINDOWS\system32\javaw.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8335 bytes

======================================================================================

Turned back on the virus protection for OneCare. (The OneCare firewall seems to have come on by itself.)

Automatic Updates seems to be working, so far.

I'm now able to get into my hotmail.

Thanks again for all your help Blade81. You're a good human.

I'll check back to see if there's more I have to do.

Hi again

There's still something left to do.

Ran the Kaspersky Online Scanner. The first time I ran it, the machine shut down in the middle of it. This happens frequently with my computer, and I'm not sure if it's software or hardward related.

Click to expand...

That could be overheating problem. When temperature rises too much motherboard turns the power off to prevent damage.


Open notepad and copy/paste the text in the quotebox below into it:



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log.

Ok, here's the log from ComboFix:

=========================================================

ComboFix 09-04-22.02 - Shawn 04/22/2009 17:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.318 [GMT -4:00]
Running from: c:\documents and settings\Shawn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shawn\Desktop\CFScript.txt
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\instsp2.exe
c:\windows\S4EA88343.tmp
c:\windows\system32\gaduvoma.exe
c:\windows\system32\liseruka.dll
c:\windows\system32\nugedezo.dll.vir
c:\windows\system32\omonegiy.ini2
c:\windows\system32\omonegiy.tmp
c:\windows\system32\yigenomo.dll
c:\windows\system32\yoguvesi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gaduvoma.exe
c:\windows\system32\liseruka.dll
c:\windows\system32\nugedezo.dll.vir
c:\windows\system32\omonegiy.ini
c:\windows\system32\omonegiy.ini2
c:\windows\system32\omonegiy.tmp
c:\windows\system32\omonegiy.tmp2
c:\windows\system32\yigenomo.dll
c:\windows\system32\yoguvesi.exe
c:\windows\S4EA88343.tmp . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-22 21:31 . 2009-04-22 21:31 0 ------w c:\windows\S4EA88343.tmp
2009-04-21 23:04 . 2009-04-21 23:04 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-21 23:04 . 2009-04-21 23:04 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 11:21 . 2009-04-19 11:22 -------- d-----w c:\program files\ERUNT
2009-04-19 01:14 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 01:14 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 01:14 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 01:14 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 01:14 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 01:14 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 01:14 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-19 01:14 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 01:14 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-19 01:13 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-19 01:13 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-19 01:13 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 19:07 . 2009-04-21 20:39 86 ----a-w c:\windows\wininit.ini
2009-04-14 19:16 . 2009-04-14 19:16 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-01 22:44 . 2009-04-01 22:44 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-01 22:31 . 2009-04-01 22:32 -------- dc-h--w c:\windows\ie8
2009-03-25 19:44 . 2009-03-25 19:44 -------- d-----w c:\documents and settings\Ryan\Application Data\Ulead Systems
2009-03-24 19:38 . 2008-04-13 18:46 38912 -c--a-w c:\windows\system32\dllcache\avc.sys
2009-03-24 19:38 . 2008-04-13 18:46 38912 ----a-w c:\windows\system32\drivers\avc.sys
2009-03-24 19:38 . 2008-04-13 18:46 48128 -c--a-w c:\windows\system32\dllcache\61883.sys
2009-03-24 19:38 . 2008-04-13 18:46 48128 ----a-w c:\windows\system32\drivers\61883.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 02:15 . 2008-12-29 17:11 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-21 23:03 . 2008-09-25 01:13 -------- d-----w c:\program files\Java
2009-04-21 22:52 . 2008-09-26 00:43 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-21 22:39 . 2008-09-25 01:19 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 23:04 . 2009-01-26 21:51 -------- d-----w c:\documents and settings\Shawn\Application Data\Apple Computer
2009-04-13 22:08 . 2008-09-25 01:14 -------- d-----w c:\program files\Napster
2009-03-27 21:02 . 2008-10-03 20:35 84344 ----a-w c:\documents and settings\Ryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 08:34 . 2008-09-25 00:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2008-09-25 00:30 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2008-09-25 00:26 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2008-09-25 00:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2008-09-25 00:26 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2008-09-25 00:28 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2008-09-25 00:28 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2008-09-25 00:30 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2008-09-25 00:30 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2008-09-25 00:31 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2008-09-25 00:32 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 02:17 . 2008-11-21 22:41 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-01 12:54 . 2008-09-25 04:28 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 08:00 . 2009-01-26 22:18 -------- d-----w c:\documents and settings\Adam\Application Data\Apple Computer
2009-02-26 07:55 . 2008-10-02 16:00 84344 ----a-w c:\documents and settings\Adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-23 06:35 . 2009-02-23 06:35 -------- d-----w c:\documents and settings\Adam\Application Data\Ulead Systems
2009-02-22 12:49 . 2009-02-22 12:49 -------- d-----w c:\program files\AutoStitch
2009-02-21 05:04 . 2008-09-30 17:56 84344 ----a-w c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 23:07 . 2008-09-25 02:16 84344 ----a-w c:\documents and settings\Shawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 12:10 . 2008-09-25 00:30 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-09-25 00:32 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-09-25 00:31 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2008-09-25 00:26 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-09-25 00:33 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-09-25 00:43 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2008-09-25 00:32 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-09-25 00:31 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2008-09-25 00:32 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2008-09-25 00:32 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-25 18:57 . 2009-01-25 18:57 160263 ----a-w c:\windows\Sqirlz Morph Uninstaller.exe
2008-10-28 21:13 . 2008-09-25 04:48 47360 ----a-w c:\documents and settings\Shawn\Application Data\pcouffin.sys
2006-05-03 09:06 . 2008-12-06 01:17 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-12-06 01:17 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-12-06 01:17 216064 --sh--r c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\SP2GDR\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\SP2QFE\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-06-23 15:38 659456 9EEA04BC4C3FA521D256D89940FAB4DB c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB953838_0$\wininet.dll
[-] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\ie7\wininet.dll
[-] 2007-08-13 22:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie8\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\wininet.dll
[-] 2009-03-08 08:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\wininet.dll
[-] 2009-03-08 08:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-01 23:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[-] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2004-08-03 22:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[-] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[-] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2004-08-04 19:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\ntoskrnl.exe

[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2004-08-04 19:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe

[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2004-08-04 19:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2004-08-04 19:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2gdr\spoolsv.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2004-08-04 19:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2gdr\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2qfe\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[-] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-20_21.23.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-22 21:31 . 2009-04-22 21:31 16384 c:\windows\Temp\Perflib_Perfdata_e8.dat
+ 2009-04-22 21:32 . 2009-04-22 21:32 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2009-04-22 21:35 . 2009-04-22 21:35 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
+ 2008-09-25 00:31 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2008-09-25 00:31 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
- 2008-09-25 00:31 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2008-09-25 00:31 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2008-09-25 00:30 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2008-09-25 00:30 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-09-25 00:32 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2008-09-28 11:02 . 2009-03-11 07:03 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-09-25 00:33 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2008-09-25 00:33 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2008-09-25 00:33 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-09-25 00:33 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-09-25 00:28 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
- 2004-08-26 16:12 . 2009-03-08 14:11 592488 c:\windows\system32\perfh009.dat
+ 2004-08-26 16:12 . 2009-04-21 23:02 592488 c:\windows\system32\perfh009.dat
- 2004-08-26 16:12 . 2009-03-08 14:11 122716 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2009-04-21 23:02 122716 c:\windows\system32\perfc009.dat
- 2008-09-25 00:30 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-09-25 00:30 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2008-09-25 00:30 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2008-09-25 00:30 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2008-09-25 00:30 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2009-04-21 23:04 . 2009-04-21 23:04 148888 c:\windows\system32\javaws.exe
+ 2009-04-21 23:04 . 2009-04-21 23:04 144792 c:\windows\system32\javaw.exe
+ 2009-04-21 23:04 . 2009-04-21 23:04 144792 c:\windows\system32\java.exe
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2008-09-28 11:02 . 2009-03-11 07:03 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.F60662AD.732D.48D1.97A1.488FCBF8848B.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.F60662AD.732D.48D1.97A1.488FCBF8848B.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.C0BF9AC7.9665.4BDB.AE4E.70E471637B45.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.C0BF9AC7.9665.4BDB.AE4E.70E471637B45.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.A26328F7.684C.4A20.99D7.415BE7BFC5AD.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.A26328F7.684C.4A20.99D7.415BE7BFC5AD.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.72A1BA26.FD08.458B.AFFB.3B5ACAE2523F.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.72A1BA26.FD08.458B.AFFB.3B5ACAE2523F.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.019F70A4.209C.4D98.96CB.C01CB1515590.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.019F70A4.209C.4D98.96CB.C01CB1515590.exe
- 2008-09-25 00:32 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2008-09-25 00:32 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2008-09-25 01:55 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-09-25 01:55 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 06:43 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 06:43 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 06:43 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 06:43 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.B0D4E3DD.C4B8.48BE.B274.2FDB3085C8A8.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.B0D4E3DD.C4B8.48BE.B274.2FDB3085C8A8.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.6DC80DCC.B16A.4D92.9E65.0044D441A542.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\Icon.6DC80DCC.B16A.4D92.9E65.0044D441A542.exe
+ 2008-09-28 11:02 . 2009-04-21 22:52 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-09-28 11:02 . 2009-03-11 07:03 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-10-15 06:43 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 06:43 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 06:43 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 06:43 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-21 22:53 . 2009-04-06 11:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-09 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-30 185872]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-17 113664]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-9-24 1742384]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-25 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1222305373\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

R3 Sundoihe;Sundoihe;c:\windows\system32\javaw.exe [2009-04-21 144792]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f689524-bffb-11dd-90ed-0013d3a36fa9}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 17:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(480)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcfcoms.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-22 17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 21:50
ComboFix2.txt 2009-04-21 22:21
ComboFix3.txt 2009-04-20 21:33

Pre-Run: 16,855,121,920 bytes free
Post-Run: 16,869,134,336 bytes free

460 --- E O F --- 2009-04-21 22:55

=========================================================

And here's the HijackThis log:

=========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:55 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Shawn\My Documents\download\open\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222309078281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Sundoihe - Sun Microsystems, Inc. - C:\WINDOWS\system32\javaw.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8248 bytes

=========================================================

Thanks! I'll check back and see if there's anything else.

Hi

Sorry for a delayed response. There was something I had to check regarding the results.

Click start->run and write:
services.msc + press enter. Is Cryptographic Services listed and what is its status? If it's different from "Started", double click the service name and select startup type: "Automatic" & click "Start". Click ok to close the window.

Let me know how that goes.

No problem at all.

Cryptographic Services's Status is 'Started', and its Startup Type is 'Automatic. (Didn't have to start it.)

Thanks!

Ok. Seems like some update, might had been IE 8 in your case, caused some odd looking things to appear in your log. How's the system running now?

Seems like it's running fine. All of the symptoms I listed are now gone.

Only a couple of weird things:

When I logged on as my son, I got two popup error boxes, reading:

"Error loading C:\Windows\System32\ruzunife.dll"
and
"Error loading C:\Windows\System32\nugedezo.dll"

So, I went into the registry and took at look at:

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run

and both dll's were listed there, plus a third, 'dupakoti.dll'.

Removed them all from the registry.

I guess now I'm wondering why it didn't get an error when trying to run dupakoti.dll.

It just occurred to me that maybe you wouldn't want me to remove these. Sorry about that.


One other weird thing, and I'm not sure if it's related to any of this, but sometimes the windows logon screen - where all users are shown and when you click on one, you get to enter the password - it shows the password box, but it doesn't give you a cursor in the box, and you can't click on it to enter a password. I have to click on a user that doesn't have a password, then log off that user, and then it allows me to log on. It's been doing this for a few months now.

Just in case you wanted it, here a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:30 PM, on 4/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shawn\My Documents\download\open\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ryan')
O4 - HKUS\S-1-5-21-947512437-202339457-2450788053-1009\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Ryan')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222309078281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Sundoihe - Sun Microsystems, Inc. - C:\WINDOWS\system32\javaw.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8363 bytes



Thanks again!

It just occurred to me that maybe you wouldn't want me to remove these. Sorry about that.

Click to expand...

Hi

Yes, modifying registry manually is risky. If you see any other similar things post back here, please. That way we can make sure cleaning process goes as safely as possible

One other weird thing, and I'm not sure if it's related to any of this, but sometimes the windows logon screen - where all users are shown and when you click on one, you get to enter the password - it shows the password box, but it doesn't give you a cursor in the box, and you can't click on it to enter a password. I have to click on a user that doesn't have a password, then log off that user, and then it allows me to log on. It's been doing this for a few months now.

Click to expand...

Is it same user account that's causing this? Is it some general account or some that has been created by yourself? If it's the latter, could you delete and then re-create the account?

The log itself looks good

Blade81 said:

Is it same user account that's causing this? Is it some general account or some that has been created by yourself? If it's the latter, could you delete and then re-create the account?

Click to expand...

It doesn't happen every time, and I'm not sure if it's one account always causing it. I'll try to keep an eye on it and see if I can notice a pattern.

Again, thanks for all your help Blade81. Is there another step I have to take?

Is there another step I have to take?

Click to expand...

Hi

Yes, ComboFix uninstallation must be done

• Click START then RUN
• Now type Combofix /u in the runbox and click OK

Blade81 said:

Yes, ComboFix uninstallation must be done

Click to expand...

Ok, ran that. ComboFix complained that OneCare was running, but I ignored that warning since I figured ComboFix was just uninstalling.

Good. Did c:\QooBox folder get removed? Just wanting to make sure uninstalling was successful.

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.