virtumande!



geordon
2008-04-07, 05:46
I'm sure this does not surprise you; I noticed that this bug is on here a lot.
I have read some of the posts. I have had this thing for quite some time now.
I tried to understand and do some of the stuff that I had seen posted, and it seemed to work at first. But to be honest, I really don't know anything about this and I'm really not sure what I'm doing... Please help!


What do I need to do 1st?

Rorschach112
2008-04-07, 14:58
Hello

Please download ComboFix from Here (http://subs.geekstogo.com/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------


Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.


-----------------------------------------------------------
Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

geordon
2008-04-07, 23:51
I did as you asked. Downloaded combofix.exe and ran it. It only lasted about 3 seconds: a blue screen appeared, then disappeared. That was it... No report? I looked for it in C:\ComboFix. There are a lot of files in there but no .txt file. I did, however, get the HijackThis report, and I also have a smitfraudfix.txt if it will help? Also a Deckard's System Scan?

Here is the HijackThis report

Rorschach112
2008-04-08, 00:06
Do this (don't attach the logs, though):

Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
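The main.txt that DSS produces contains a HijackThis-style section (the O2/O4/O21 lines posted later in this thread), and a helper reads it by applying a few rules of thumb: autoruns living under Application Data or Temp, entries loaded through Policies\Explorer\Run, modules dropped straight into the Windows root, and file or value names that look machine-generated. The script below is an added example for this thread, not part of DSS, HijackThis or ComboFix; the function names (`parse_entry`, `suspicious_reasons`, `triage_log`) and the heuristics in `looks_random` are my own, and the sample lines are constructed after entries in the log posted in this thread.

```python
"""Triage of HijackThis-style log lines (the format DSS's main.txt emulates).
Added example for this thread, not part of DSS, HijackThis or ComboFix.
The rules are heuristics that rank entries for a human to inspect, not a verdict."""
import re
from dataclasses import dataclass

VOWELS = set("aeiouy")

# O4 autorun entries: "O4 - HKCU\..\Run: [valuename] command"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O2 (BHO) and O21 (SSODL) entries: "O2 - BHO: name - {CLSID} - path"
O2_O21_RE = re.compile(
    r"^O(?P<kind>2|21) - (?:BHO|SSODL): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)


@dataclass
class Entry:
    kind: str   # "O2", "O4" or "O21"
    key: str    # registry key for O4, CLSID for O2/O21
    name: str   # Run value name, or BHO/SSODL display name
    path: str   # module on disk


@dataclass
class Finding:
    entry: Entry
    reasons: list


def looks_random(name: str) -> bool:
    """Heuristic: 8+ alphanumeric characters containing a run of 4+ non-vowels."""
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) < 8 or not stem.isalnum():
        return False
    longest = run = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def command_path(cmd: str) -> str:
    """Strip arguments from a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_entry(line: str):
    """Return an Entry for O2/O4/O21 lines that name a file on disk, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["key"], m["name"], command_path(m["cmd"]))
    m = O2_O21_RE.match(line)
    if m and m["path"] != "(no file)":
        return Entry("O" + m["kind"], m["clsid"], m["name"], m["path"])
    return None  # other sections, orphaned entries, or formats not handled here


def suspicious_reasons(entry: Entry) -> list:
    """Rules of thumb a helper applies to one autorun/BHO entry."""
    reasons = []
    path = entry.path.lower()
    parent, _, filename = path.rpartition("\\")
    if "\\policies\\explorer\\run" in entry.key.lower():
        reasons.append("loaded via Policies\\Explorer\\Run, a key legitimate software rarely uses")
    if any(seg in path for seg in ("\\application data\\", "\\local settings\\", "\\temp\\")):
        reasons.append("module stored under a user data or temp directory")
    if parent in ("c:\\windows", "c:\\winnt"):
        reasons.append("module placed directly in the Windows root instead of system32")
    if looks_random(filename):
        reasons.append(f"file name {filename} looks machine-generated")
    if entry.kind == "O4" and looks_random(entry.name):
        reasons.append(f"Run value name {entry.name} looks machine-generated")
    return reasons


def triage_log(text: str) -> list:
    """Keep, in log order, every parsed entry that trips at least one rule."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            reasons = suspicious_reasons(entry)
            if reasons:
                findings.append(Finding(entry, reasons))
    return findings


# Constructed sample: lines in the shape of the log posted later in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\WINDOWS\kdftlboepta.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [nwchtosu] C:\WINDOWS\system32\opabonan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [w3SnA6V6U0] C:\Documents and Settings\All Users\Application Data\sretexsf\izwrwzav.exe
O21 - SSODL: dwnrpofk - {1B540E3A-23E1-4D11-BBA8-A1ED73A42BF0} - C:\WINDOWS\dwnrpofk.dll
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry.kind} {f.entry.path}")
        for r in f.reasons:
            print("   -", r)
```

Run on the sample, it lists the four entries with random names in the Windows root, system32 and Application Data and leaves the Adobe, Symantec and ctfmon.exe lines alone. The name heuristic will also trip on some legitimate vendor abbreviations, which is why each finding carries its reasons: the output is a reading order for the helper, and the real check is still the file's vendor, signature and hash.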

geordon
2008-04-08, 03:38
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information ----------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.60GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 446.17 MiB / 120.11 MiB
Pagefile Memory (total/avail): 1055.78 MiB / 639.33 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1891.16 MiB

C: is Fixed (NTFS) - 51.59 GiB total, 14.44 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6026GAX - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 51.59 GiB - C:
\PARTITION1 - Unknown - 4.29 GiB

-- Security Center --------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton 360 v2007 (SYMANTEC Corporation) Disabled
AV: Norton 360 v2007 (SYMANTEC Corperation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe"="C:\\Program Files\\SymplisIT\\DriverMagic\\DriverMagic.exe:*:Enabled:DriverMagic Utilities"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

-- Environment Variables --------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\rent-a-center\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DON
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA18
FP_NO_HOST_CHECK=NO
GETMODEL=Satellite L25
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\rent-a-center
LOGONSERVER=\\DON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RENT-A~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RENT-A~1\LOCALS~1\Temp
USERDOMAIN=DON
USERNAME=rent-a-center
USERPROFILE=C:\Documents and Settings\rent-a-center
windir=C:\WINDOWS

-- User Profiles ----------------------------------------------------------
rent-a-center (admin)
Georgia
Administrator (new local, admin)
Guest (guest)

-- Add/Remove Programs ------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
AC97 Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_FF311179\HXFSETUP.EXE -U -ItosEW6mk.INF
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{708D25B0-6071-441E-AC17-AAA7ABBB0C4A}\setup.exe" -l0x9 -uninst
AT&T Connection Services Manager --> C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
Atheros Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Backup --> MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
CDCheck --> "C:\Program Files\CDCheck\uninst.exe"
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ItosEW6a.INF
DiscAPI (Studio 10) --> MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hard Disk Recovery Utilities --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Hard Disk Recovery Utilities\Uninst.isu"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp instant support --> C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for TOSHIBA --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Location Finder --> MsiExec.exe /I{8D6AE289-7A5E-41B4-A7F0-687C2DAB1B87}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
Norton 360 HTMLHelp --> MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Notebook Maximizer --> C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
PC-Cleaner --> C:\Program Files\PC-Cleaner\Uninstall.exe
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\Setup.exe" -l0x9 UNINSTALL
PlayLinc --> MsiExec.exe /I{9CCE527D-356F-41A8-9718-77A68AC065FB}
proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
Pure Networks Port Magic --> C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RAPID (Studio 10) --> MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{CA621297-7883-4C7B-919D-90CB90D1CFF0}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{52D44F93-8FA9-4945-A817-0E98669CCE03}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Studio 10 Bonus DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls --> MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Symantec Technical Support Web Controls --> MsiExec.exe /X{5FCDE341-328B-434B-9F21-AF5BADB57852}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA PC Diagnostic Tool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Toshiba Registration --> MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
Toshiba Touchpad Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA} /l1033
Toshiba Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{099D12EC-0321-4CAC-A0CC-33D020156FCD} /l1033
TOSHIBA Zooming Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Verizon Games on Demand Player --> "C:\Program Files\Verizon Games on Demand Player\Uninstall.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Verizon Servicepoint 1.3.21 --> "C:\Program Files\Verizon\Servicepoint\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wireless Keyboard --> C:\Program Files\Micro Innovations\Wireless Keyboard\uninst00.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

geordon
2008-04-08, 03:39
-- Application Event Log -------------------------------------------------------

Event Record #/Type26911 / Error
Event Submitted/Written: 03/29/2008 10:04:30 PM
Event ID/Source: 11905 / MsiInstaller
Event Description:
Product: URGE -- Error 1905.Module C:\WINDOWS\system32\Macromed\Flash\Flash8c.ocx failed to unregister. HRESULT -2147220472. Contact your support personnel.

Event Record #/Type26052 / Warning
Event Submitted/Written: 03/25/2008 03:03:24 AM
Event ID/Source: 4353 / EventSystem
Event Description:
The COM+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.

Event Record #/Type26051 / Warning
Event Submitted/Written: 03/25/2008 03:03:24 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}. CoGetObject returned HRESULT 8007041F.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

geordon
2008-04-08, 03:43
Both those threads were the extra.txt, for I could not fit it all in one thread (more than 20000 characters).
Now I will try to send you the main.txt in one thread. Let's see.

And thank you for all this... very much. Thank you!

Deckard's System Scanner v20071014.68
Run by rent-a-center on 2008-03-31 22:56:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
93: 2008-04-01 02:56:59 UTC - RP250 - Deckard's System Scanner Restore Point
92: 2008-03-30 14:00:26 UTC - RP249 - Norton 360 Registry Clean
91: 2008-03-30 04:04:30 UTC - RP248 - Norton 360 Registry Clean
90: 2008-03-30 02:00:31 UTC - RP247 - Removed URGE
89: 2008-03-30 01:56:23 UTC - RP246 - Configured Verizon PC Security Checkup


-- First Restore Point --
1: 2008-01-09 08:00:37 UTC - RP158 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-31 23:00:00
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Application Data\sretexsf\izwrwzav.exe
C:\Program Files\Micro Innovations\Wireless Keyboard\KBDAP32A.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\opabonan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\rent-a-center\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\WINDOWS\kdftlboepta.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [nwchtosu] C:\WINDOWS\system32\opabonan.exe
O4 - HKCU\..\Run: [ozeoxwqq] C:\WINDOWS\system32\fazapkdu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [w3SnA6V6U0] C:\Documents and Settings\All Users\Application Data\sretexsf\izwrwzav.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [TABS] Tabbed Browsing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155489492140
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179065876500
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: dwnrpofk - {1B540E3A-23E1-4D11-BBA8-A1ED73A42BF0} - C:\WINDOWS\dwnrpofk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


--
End of file - 10036 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
S3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\qkbfiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver>
S3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c:\windows\system32\drivers\qmofiltr.sys <Not Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_FF311179&REV_10\4&13826118&0&10A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_FF311179&REV_10\4&13826118&0&10A4
Service: RTL8023xp

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ROOT\PORTS\0000
Manufacturer: (Standard port types)
Name: Communications Port (COM4)
PNP Device ID: ROOT\PORTS\0000
Service: Serial

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description:
Device ID: ROOT\WPD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\WPD\0000
Service:

geordon
2008-04-08, 03:45
-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-31 22:04:27 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-31 22:04:27 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 22:04:27 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-31 22:04:27 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-31 22:04:27 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-31 22:04:27 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-31 22:04:27 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-31 21:59:51 94208 --a------ C:\WINDOWS\system32\lejmtiho.exe
2008-03-31 21:41:12 2102 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-31 20:51:11 0 d-------- C:\VundoFix Backups
2008-03-31 20:50:45 147456 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-03-30 22:29:59 0 d-------- C:\Program Files\PC-Cleaner
2008-03-30 20:44:15 98304 --a------ C:\WINDOWS\system32\jihybcdg.exe
2008-03-30 07:08:37 98304 --a------ C:\WINDOWS\system32\fazapkdu.exe
2008-03-29 23:42:51 106496 --a------ C:\WINDOWS\system32\opabonan.exe
2008-03-29 15:24:01 0 dr------- C:\Documents and Settings\NetworkService\My Documents
2008-03-29 15:17:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Verizon
2008-03-29 06:28:06 114688 --a------ C:\WINDOWS\system32\luzkjqlq.exe
2008-03-28 13:39:07 94208 --a------ C:\WINDOWS\system32\epepmzmh.exe
2008-03-27 19:10:40 90112 --a------ C:\WINDOWS\system32\zinunujq.exe
2008-03-25 17:30:24 110592 --a------ C:\WINDOWS\system32\haxofcdw.exe
2008-03-23 22:57:21 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-23 22:57:21 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-03-23 22:57:21 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-03-23 22:57:21 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-03-23 22:57:20 0 d-------- C:\WINDOWS\system32smp
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\a.bat
2008-03-23 22:57:20 0 d-------- C:\Documents and Settings\rent-a-center\Desktopvirii
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32thun.dll
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32netode.exe
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32h@tkeysh@@k.dll
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-03-23 22:57:19 4096 --a------ C:\Documents and Settings\rent-a-center\Desktopfilemanagerclient.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\bdn.com
2008-03-23 22:57:18 4096 --a------ C:\Documents and Settings\rent-a-center\DesktopFWebdEditor.exe
2008-03-23 22:57:18 4096 --a------ C:\Documents and Settings\rent-a-center\Desktopfwebd.exe
2008-03-23 22:56:41 0 d-------- C:\Documents and Settings\All Users\Application Data\sretexsf
2008-03-23 22:55:15 270336 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-23 22:55:15 249856 --a------ C:\WINDOWS\dwnrpofk.dll
2008-03-23 22:55:14 184320 --a------ C:\WINDOWS\qvdntlmw.dll
2008-03-23 22:55:14 94208 --a------ C:\WINDOWS\norlatmx.exe
2008-03-23 22:55:14 249856 --a------ C:\WINDOWS\kdftlboepta.dll
2008-03-16 10:35:25 0 d-------- C:\Program Files\RegistrySmart
2008-03-11 06:31:18 0 d-------- C:\Program Files\Windows Sidebar
2008-03-11 06:28:29 0 d-------- C:\Program Files\Symantec
2008-03-11 06:28:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec


-- Find3M Report ---------------------------------------------------------------

2008-03-31 22:04:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-29 21:59:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 21:59:18 0 d-------- C:\Program Files\Common Files
2008-03-29 21:58:22 0 d-------- C:\Program Files\Verizon
2008-03-28 14:34:16 0 d-------- C:\Documents and Settings\rent-a-center\Application Data\Real
2008-03-26 16:13:27 0 d-------- C:\Program Files\Yahoo!
2008-03-16 08:09:51 0 d-------- C:\Program Files\Norton 360
2008-03-14 07:04:12 29364 --a----c- C:\Documents and Settings\rent-a-center\Application Data\wklnhst.dat
2008-03-13 20:28:46 0 d-------- C:\Documents and Settings\rent-a-center\Application Data\Yahoo!
2008-03-12 22:43:11 0 d-------- C:\Documents and Settings\rent-a-center\Application Data\LimeWire
2008-03-12 22:41:08 0 d-------- C:\Program Files\LimeWire
2008-03-12 14:45:23 0 d-------- C:\Documents and Settings\rent-a-center\Application Data\Macromedia
2008-03-12 14:43:03 0 d-------- C:\Program Files\Google
2008-03-12 12:42:52 0 d-------- C:\Documents and Settings\rent-a-center\Application Data\Adobe
2008-03-11 06:35:44 0 d-------- C:\Documents and Settings\rent-a-center\Application Data\Symantec
2008-02-17 18:46:46 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/23/2008 10:08 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/11/2008 06:32 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55}]
03/23/2008 08:11 PM 249856 --a------ C:\WINDOWS\kdftlboepta.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [02/23/2008 10:08 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe" [07/13/2007 10:39 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/18/2007 11:16 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [02/26/2008 10:50 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [08/09/2005 06:47 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/18/2008 03:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"nwchtosu"="C:\WINDOWS\system32\opabonan.exe" [03/29/2008 11:42 PM]
"ozeoxwqq"="C:\WINDOWS\system32\fazapkdu.exe" [03/30/2008 07:08 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"w3SnA6V6U0"=C:\Documents and Settings\All Users\Application Data\sretexsf\izwrwzav.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dwnrpofk"= {1B540E3A-23E1-4D11-BBA8-A1ED73A42BF0} - C:\WINDOWS\dwnrpofk.dll [03/23/2008 08:11 PM 249856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMC2532W-B 2.4GHz High Power WLAN Utility.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rent-a-center^Start Menu^Programs^Startup^wkcalrem.LNK]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Hotkey Utility]
"c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
C:\Program Files\Verizon\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-03-31 23:02:05 ------------
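Added here as an illustration and not part of the thread, of DSS or of any tool the helper uses: a small Python triage script that parses lines in the format of the DSS "Files created" section above and flags the two patterns the helper picked out by eye, a burst of identically sized files created within seconds of each other, and unverified eight-letter .exe/.dll names sitting directly under C:\WINDOWS or system32. The sample lines are copied from the log above; the burst thresholds (5 seconds, 4 files) and the eight-letter heuristic are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a handful of lines copied from the DSS "Files created" section above
# (note that several of the 4096-byte entries really do lack a backslash after "system32").
SAMPLE = r"""
2008-03-31 22:04:27 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-31 21:59:51 94208 --a------ C:\WINDOWS\system32\lejmtiho.exe
2008-03-31 20:51:11 0 d-------- C:\VundoFix Backups
2008-03-30 20:44:15 98304 --a------ C:\WINDOWS\system32\jihybcdg.exe
2008-03-23 22:57:21 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-23 22:57:21 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32taack.exe
2008-03-23 22:57:20 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-23 22:57:20 0 d-------- C:\WINDOWS\system32smp
2008-03-23 22:57:19 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-03-23 22:57:18 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-23 22:55:15 249856 --a------ C:\WINDOWS\dwnrpofk.dll
2008-03-23 22:55:14 249856 --a------ C:\WINDOWS\kdftlboepta.dll
2008-03-16 10:35:25 0 d-------- C:\Program Files\RegistrySmart
"""

# One DSS line: date, time, size, 9-char attribute field, path, optional "<Not Verified; vendor; product>" tag.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-zA-Z]{9}) (?P<path>.+?)"
    r"(?: <(?P<verify>[^>]*)>)?$"
)

# Assumed heuristic: an .exe/.dll directly in C:\WINDOWS or C:\WINDOWS\system32 whose base name
# is exactly eight lowercase letters (the naming pattern of the droppers listed in this log).
RANDOM_NAME_RE = re.compile(r"^C:\\WINDOWS\\(?:system32\\)?(?P<name>[a-z]{8})\.(?:exe|dll)$")


def parse_dss_files(text):
    """Parse DSS 'Files created' lines into dicts; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"]),
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
            "signer": m["verify"],  # None when DSS printed no <...> tag at all
        })
    return entries


def find_bursts(entries, window_seconds=5, min_files=4):
    """Return groups of >= min_files identically sized files created within window_seconds."""
    files = sorted((e for e in entries if not e["is_dir"]), key=lambda e: e["when"])
    bursts = []
    i = 0
    while i < len(files):
        j = i
        while (j + 1 < len(files)
               and (files[j + 1]["when"] - files[i]["when"]).total_seconds() <= window_seconds):
            j += 1
        by_size = defaultdict(list)
        for e in files[i:j + 1]:
            by_size[e["size"]].append(e)
        for size, members in by_size.items():
            if len(members) >= min_files:
                bursts.append({"size": size, "start": members[0]["when"],
                               "paths": [e["path"] for e in members]})
        i = j + 1
    return bursts


def flag_unverified_random_names(entries):
    """Paths of unverified binaries matching RANDOM_NAME_RE, in log order."""
    return [e["path"] for e in entries
            if not e["is_dir"] and e["signer"] is None and RANDOM_NAME_RE.match(e["path"])]


if __name__ == "__main__":
    parsed = parse_dss_files(SAMPLE)
    for b in find_bursts(parsed):
        print(f"burst of {len(b['paths'])} files of {b['size']} bytes starting {b['start']}")
        for p in b["paths"]:
            print("   ", p)
    for p in flag_unverified_random_names(parsed):
        print("unverified random-name binary:", p)
```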

Rorschach112
2008-04-08, 18:19
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file)
O2 - BHO: GNX Bingo - {B2DCA34E-9D1C-4EDA-A1BE-C24D1B4AAE55} - C:\WINDOWS\kdftlboepta.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [nwchtosu] C:\WINDOWS\system32\opabonan.exe
O4 - HKCU\..\Run: [ozeoxwqq] C:\WINDOWS\system32\fazapkdu.exe
O4 - HKLM\..\Policies\Explorer\Run: [w3SnA6V6U0] C:\Documents and Settings\All Users\Application Data\sretexsf\izwrwzav.exe
O21 - SSODL: dwnrpofk - {1B540E3A-23E1-4D11-BBA8-A1ED73A42BF0} - C:\WINDOWS\dwnrpofk.dll

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



[kill explorer]
C:\WINDOWS\kdftlboepta.dll
C:\Documents and Settings\All Users\Application Data\sretexsf
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\system32\lejmtiho.exe
C:\Program Files\PC-Cleaner
C:\WINDOWS\system32\luzkjqlq.exe
C:\WINDOWS\system32\jihybcdg.exe
C:\WINDOWS\system32\fazapkdu.exe
C:\WINDOWS\system32\opabonan.exe
C:\WINDOWS\system32\epepmzmh.exe
C:\WINDOWS\system32\zinunujq.exe
C:\WINDOWS\system32\haxofcdw.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\a.bat
C:\Documents and Settings\rent-a-center\Desktopvirii
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32dpcproxy.exe
C:\Documents and Settings\rent-a-center\Desktopfilemanagerclient.exe
C:\WINDOWS\winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\bdn.com
C:\Documents and Settings\rent-a-center\DesktopFWebdEditor.exe
C:\Documents and Settings\rent-a-center\Desktopfwebd.exe
C:\Documents and Settings\All Users\Application Data\sretexsf
C:\WINDOWS\vbgtorfd.dll
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\qvdntlmw.dll
C:\WINDOWS\norlatmx.exe
C:\WINDOWS\kdftlboepta.dll
purity
[start explorer]


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and post a new DSS log

geordon
2008-04-09, 00:09
I brought up HijackThis, ran it and searched for the items you suggested. I found them all except:

O4 - HKCU\..\Run: [nwchtosu] C:\WINDOWS\system32\opabonan.exe
O4 - HKCU\..\Run: [ozeoxwqq] C:\WINDOWS\system32\fazapkdu.exe
O4 - HKLM\..\Policies\Explorer\Run: [w3SnA6V6U0] C:\Documents and Settings\All Users\Application Data\sretexsf\izwrwzav.exe

At this point I chose not to do anything just yet until I hear from you!

Rorschach112
2008-04-09, 01:01
Nothing to worry about

You can go on with the rest of the steps

geordon
2008-04-09, 02:39
Explorer killed successfully
File/Folder C:\WINDOWS\kdftlboepta.dll not found.
C:\Documents and Settings\All Users\Application Data\sretexsf moved successfully.
File/Folder C:\WINDOWS\dwnrpofk.dll not found.
C:\WINDOWS\system32\lejmtiho.exe moved successfully.
C:\Program Files\PC-Cleaner moved successfully.
C:\WINDOWS\system32\luzkjqlq.exe moved successfully.
C:\WINDOWS\system32\jihybcdg.exe moved successfully.
File/Folder C:\WINDOWS\system32\fazapkdu.exe not found.
File/Folder C:\WINDOWS\system32\opabonan.exe not found.
C:\WINDOWS\system32\epepmzmh.exe moved successfully.
C:\WINDOWS\system32\zinunujq.exe moved successfully.
C:\WINDOWS\system32\haxofcdw.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\userconfig9x.dll NOT unregistered.
C:\WINDOWS\userconfig9x.dll moved successfully.
C:\WINDOWS\system32winlogonpc.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hoproxy.dll NOT unregistered.
C:\WINDOWS\system32hoproxy.dll moved successfully.
C:\WINDOWS\FVProtect.exe moved successfully.
C:\WINDOWS\system32taack.exe moved successfully.
C:\WINDOWS\system32taack.dat moved successfully.
LoadLibrary failed for C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssurf022.dll NOT unregistered.
C:\WINDOWS\system32ssurf022.dll moved successfully.
C:\WINDOWS\system32sncntr.exe moved successfully.
C:\WINDOWS\system32smp moved successfully.
C:\WINDOWS\system32psoft1.exe moved successfully.
C:\WINDOWS\system32psof1.exe moved successfully.
C:\WINDOWS\system32ps1.exe moved successfully.
C:\WINDOWS\system32mwin32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32msnbho.dll NOT unregistered.
C:\WINDOWS\system32msnbho.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32medup020.dll NOT unregistered.
C:\WINDOWS\system32medup020.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup012.dll NOT unregistered.
C:\WINDOWS\system32medup012.dll moved successfully.
C:\WINDOWS\system32hxiwlgpm.exe moved successfully.
C:\WINDOWS\system32hxiwlgpm.dat moved successfully.
C:\WINDOWS\system32bsva-egihsg52.exe moved successfully.
C:\WINDOWS\iTunesMusic.exe moved successfully.
C:\WINDOWS\a.bat moved successfully.
C:\Documents and Settings\rent-a-center\Desktopvirii moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32thun32.dll NOT unregistered.
C:\WINDOWS\system32thun32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun.dll NOT unregistered.
C:\WINDOWS\system32thun.dll moved successfully.
C:\WINDOWS\system32temp#01.exe moved successfully.
C:\WINDOWS\system32ssvchost.exe moved successfully.
C:\WINDOWS\system32ssvchost.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32regm64.dll NOT unregistered.
C:\WINDOWS\system32regm64.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regc64.dll NOT unregistered.
C:\WINDOWS\system32regc64.dll moved successfully.
C:\WINDOWS\system32netode.exe moved successfully.
C:\WINDOWS\system32mtr2.exe moved successfully.
C:\WINDOWS\system32msvchost.exe moved successfully.
C:\WINDOWS\system32msgp.exe moved successfully.
< C:\WINDOWS\system32h@tkeysh@@k.dll >
LoadLibrary failed for C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32h@tkeysh@@k.dll NOT unregistered.
C:\WINDOWS\system32h@tkeysh@@k.dll moved successfully.
C:\WINDOWS\system32dpcproxy.exe moved successfully.
C:\Documents and Settings\rent-a-center\Desktopfilemanagerclient.exe moved successfully.
C:\WINDOWS\winsystem.exe moved successfully.
C:\WINDOWS\system32WINWGPX.EXE moved successfully.
C:\WINDOWS\system32winsystem.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32vcatchpi.dll NOT unregistered.
C:\WINDOWS\system32vcatchpi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vbsys2.dll NOT unregistered.
C:\WINDOWS\system32vbsys2.dll moved successfully.
C:\WINDOWS\system32sysreq.exe moved successfully.
C:\WINDOWS\system32Rundl1.exe moved successfully.
C:\WINDOWS\system32newsd32.exe moved successfully.
C:\WINDOWS\system32mssecu.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32emesx.dll NOT unregistered.
C:\WINDOWS\system32emesx.dll moved successfully.
C:\WINDOWS\system32bdn.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32awtoolb.dll NOT unregistered.
C:\WINDOWS\system32awtoolb.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32anticipator.dll NOT unregistered.
C:\WINDOWS\system32anticipator.dll moved successfully.
C:\WINDOWS\system32akttzn.exe moved successfully.
C:\WINDOWS\mssecu.exe moved successfully.
C:\WINDOWS\bdn.com moved successfully.
C:\Documents and Settings\rent-a-center\DesktopFWebdEditor.exe moved successfully.
C:\Documents and Settings\rent-a-center\Desktopfwebd.exe moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\sretexsf not found.
File/Folder C:\WINDOWS\vbgtorfd.dll not found.
File/Folder C:\WINDOWS\dwnrpofk.dll not found.
File/Folder C:\WINDOWS\qvdntlmw.dll not found.
File/Folder C:\WINDOWS\norlatmx.exe not found.
File/Folder C:\WINDOWS\kdftlboepta.dll not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_203515

geordon
2008-04-09, 02:55
Hello again,



My PC restarted and windows put up a message: Viruses were removed from your computer click to see details.............
trojan: win 32/virtumande.b removed
trojan; win32/vundo.bh removed


The rest said that they were not infected.....

Rorschach112
2008-04-09, 14:34
Post a new DSS log there

Rorschach112
2008-04-18, 01:51
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.