Infected With Browser New Screen Ad Pop-ups, Do not know how to remove it - help! [Archive]

View Full Version : Infected With Browser New Screen Ad Pop-ups, Do not know how to remove it - help!

sirwin

2008-05-08, 05:32

Our Windows XP computer is infected with malware that pop-ups ads in new browser screens. After shutting a number of them down, the computer will eventually freeze and require warm or (usually) cold re-boot. I'd greatly appreciate help erradicating this malware.

Here are the DSS/HJT reports:

Main.txt DSS Notepad:

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-04-20 10:07:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
99: 2008-04-20 15:00:32 UTC - RP821 - Deckard's System Scanner Restore Point
98: 2008-04-19 19:49:15 UTC - RP820 - System Checkpoint
97: 2008-04-17 23:31:40 UTC - RP819 - System Checkpoint
96: 2008-04-16 16:46:41 UTC - RP818 - System Checkpoint
95: 2008-04-15 16:24:24 UTC - RP817 - System Checkpoint

-- First Restore Point --
1: 2008-03-28 14:00:31 UTC - RP723 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as HP_Owner.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:42 AM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
O1 - Hosts: 127.0.1.35 ehrc1
O1 - Hosts: 127.0.1.32 ordms
O1 - Hosts: 127.0.1.26 codms
O1 - Hosts: 127.0.1.31 nydms
O1 - Hosts: 127.0.1.36 bhte
O1 - Hosts: 127.0.1.25 cmdms
O1 - Hosts: 127.0.1.21 orrdms1
O1 - Hosts: 127.0.1.23 cldmweb1
O1 - Hosts: 127.0.1.14 lardms1
O1 - Hosts: 127.0.1.22 dcrdms1
O1 - Hosts: 127.0.1.20 derdms1
O1 - Hosts: 127.0.1.33 baker380
O1 - Hosts: 127.0.1.17 cirdms1
O1 - Hosts: 127.0.1.24 cidms
O1 - Hosts: 127.0.1.15 cmrdms1
O1 - Hosts: 127.0.1.16 cordms1
O1 - Hosts: 127.0.1.28 dedms
O1 - Hosts: 127.0.1.18 hordms1
O1 - Hosts: 127.0.1.29 hodms
O1 - Hosts: 127.0.1.34 bhweb1
O1 - Hosts: 127.0.1.11 cldms
O1 - Hosts: 127.0.1.30 ladms
O1 - Hosts: 127.0.1.13 cldms2
O1 - Hosts: 127.0.1.27 dcdms
O1 - Hosts: 127.0.1.19 nyrdms1
O1 - Hosts: 127.0.1.12 cldms1
O1 - Hosts: 127.0.1.37 bhte1
O1 - Hosts: 127.0.1.10 baker500
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B22B590-F73E-4FF9-BFF0-C29BC9C19C68} - C:\WINDOWS\system32\opnmMdDs.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {2729112d-08fb-c919-dfe4-49b723f12a69} - {96a21f32-7b94-4efd-919c-bf80d2119272} - C:\WINDOWS\system32\edbgmray.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~2.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [7894640e] rundll32.exe "C:\WINDOWS\system32\qxpcyijb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bc.edu/bc_org/avp/law/lwsch/jou...er/tdserver.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133327129531
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9F51E426-6EED-11D3-80B8-00C04F610DBB} (WebTransferCtrl Class) - https://bhvpn.bakerlaw.com/worksite/bin/iMa...dmweb1,CT=java+
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125 85.255.112.214
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 16707 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera Driver>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R2 DCFS2k - c:\windows\system32\drivers\dcfs2k.sys <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (NT)>
R3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera LPS Driver>
R3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
R3 smserial - c:\windows\system32\drivers\smserial.sys <Not Verified; Motorola Inc.; Motorola SM56 Modem>

S1 Exportit - c:\windows\system32\drivers\exportit.sys <Not Verified; Eastman Kodak Company; Kodak DC File System driver>
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 CA561 (ICatch (VI) PC Camera) - c:\windows\system32\drivers\spca561.sys (file missing)
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera FP Driver>
S3 DcPTP (%DcPTP.SvcDesc%) - c:\windows\system32\drivers\dcptp.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera PTP Driver>
S3 Ser2pl (Prolific2 Serial port driver) - c:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 SQTECH907B (EZCam(PID_907B_00)) - c:\windows\system32\drivers\capt907b.sys <Not Verified; Service & Quality Technology.; SQ907B>
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Belkin Wireless USB Network Adapter Service (Belkin Wireless USB Network Adapter) - c:\program files\belkin\belkin wireless network utility\wlservice.exe
R2 Dcfssvc - c:\windows\system32\drivers\dcfssvc.exe <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (Win32)>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R3 lxcg_device - c:\windows\system32\lxcgcoms.exe -service <Not Verified; ; Printer Communication System>

S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 07:37:35 414 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-04-11 15:46:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-01 01:00:16 358 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-12-15 02:13:21 356 --a------ C:\WINDOWS\Tasks\McDefragTask.job

-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-20 09:31:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-20 09:31:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 01:20:31 87616 --a------ C:\WINDOWS\system32\qxpcyijb.dll
2008-04-14 21:02:50 3648 --a------ C:\WINDOWS\system32\dqekbmyv.dll
2008-04-13 20:00:56 3648 --a------ C:\WINDOWS\system32\uchvsyxp.dll
2008-04-12 15:07:09 3648 --a------ C:\WINDOWS\system32\yeoiwyqn.dll
2008-04-11 09:51:42 3648 --a------ C:\WINDOWS\system32\qkiilkuy.dll
2008-04-10 15:13:22 93248 --a------ C:\WINDOWS\system32\edbgmray.dll
2008-04-10 09:50:30 3648 --a------ C:\WINDOWS\system32\inmrrrxu.dll
2008-04-09 08:17:09 90688 --a------ C:\WINDOWS\system32\rbbtcpig.dll
2008-04-09 08:05:37 3648 --a------ C:\WINDOWS\system32\iwvhjrli.dll
2008-04-07 22:36:11 90176 --a------ C:\WINDOWS\system32\vumavcqh.dll
2008-04-07 07:48:49 0 d-------- C:\Program Files\Trend Micro
2008-04-06 22:38:59 89664 --a------ C:\WINDOWS\system32\kjrnmtuf.dll
2008-04-06 22:37:37 0 d-------- C:\Program Files\Lavasoft
2008-04-06 22:37:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 22:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 12:57:10 89664 --a------ C:\WINDOWS\system32\bchmulbe.dll
2008-04-04 08:50:16 90688 --a------ C:\WINDOWS\system32\cystdcgp.dll
2008-04-03 22:34:59 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-03 22:34:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-03 22:34:52 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Spyware Terminator
2008-04-03 22:34:46 0 d-------- C:\Program Files\Spyware Terminator
2008-04-03 20:42:43 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-03 20:42:42 10752 --a------ C:\WINDOWS\system32\md5.dll <Not Verified; ; MD5 Maker>
2008-04-03 20:42:41 0 d-------- C:\Program Files\MalwareSweeper.com
2008-04-03 08:45:32 89152 --a------ C:\WINDOWS\system32\ivolojuu.dll
2008-04-03 06:03:43 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 08:49:58 91712 --a------ C:\WINDOWS\system32\ygickovg.dll
2008-04-01 14:10:18 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2008-04-01 08:45:42 90688 --a------ C:\WINDOWS\system32\lbjysnkh.dll
2008-03-31 08:45:30 90688 --a------ C:\WINDOWS\system32\pmypliap.dll
2008-03-31 08:39:39 90688 --a------ C:\WINDOWS\system32\vewuygxo.dll
2008-03-30 08:01:13 90176 --a------ C:\WINDOWS\system32\eoontnuu.dll
2008-03-29 11:40:59 0 d-------- C:\WINDOWS\system32\QuickTime
2008-03-29 11:40:19 0 d-------- C:\Program Files\Broderbund
2008-03-28 09:00:47 6815744 --a------ C:\Documents and Settings\HP_Owner\ntuser.dat
2008-03-28 09:00:20 316294 --ahs---- C:\WINDOWS\system32\sDdMmnpo.ini2
2008-03-28 09:00:15 273920 --a------ C:\WINDOWS\system32\opnmMdDs.dll

-- Find3M Report ---------------------------------------------------------------

2008-04-20 10:07:13 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Skype
2008-04-20 10:05:26 3645 --a------ C:\WINDOWS\viassary-hp.reg
2008-04-20 00:44:20 0 d-------- C:\Program Files\Lx_cats
2008-04-13 18:00:02 0 d-------- C:\Program Files\Norton Security Scan
2008-04-06 22:36:46 0 d-------- C:\Program Files\Common Files
2008-04-02 23:05:16 0 d-------- C:\Program Files\McAfee
2008-03-28 20:53:26 0 d-------- C:\Program Files\The Learning Company
2008-03-14 11:47:39 0 d-------- C:\Program Files\iTunes
2008-03-14 11:46:58 0 d-------- C:\Program Files\iPod
2008-03-14 11:44:41 0 d-------- C:\Program Files\QuickTime
2008-03-12 21:38:50 0 d-------- C:\Program Files\THQ
2008-02-28 11:08:45 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B22B590-F73E-4FF9-BFF0-C29BC9C19C68}]
03/28/2008 09:00 AM 273920 --a------ C:\WINDOWS\system32\opnmMdDs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96a21f32-7b94-4efd-919c-bf80d2119272}]
04/10/2008 03:13 PM 93248 --a------ C:\WINDOWS\system32\edbgmray.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 12:34 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [05/12/2005 08:12 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/19/2005 06:06 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/19/2007 12:34 PM]
"CMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [10/31/2001 01:25 PM]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/20/2005 12:48 PM]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [07/21/2005 01:07 AM]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [08/01/2005 07:05 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/12/2005 08:36 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 02:33 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 05:37 PM]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [03/14/2007 09:59 PM]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"7894640e"="C:\WINDOWS\system32\qxpcyijb.dll" [04/20/2008 01:20 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12/18/2006 05:32 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/05/2007 11:57 AM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [02/01/2005 04:43 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Malware Sweeper"="C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe" [11/11/2007 04:20 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"POSTRBT"=C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [9/19/2005 6:25:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [9/19/2005 6:26:07 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnmMdDs.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

-- Hosts -----------------------------------------------------------------------

127.0.1.35 ehrc1
127.0.0.1 clmail3
127.0.0.1 clmail2
127.0.0.1 clmail1
127.0.1.32 ordms
127.0.1.26 codms
127.0.0.1 ormail1
127.0.1.31 nydms
127.0.0.1 clconn
127.0.1.36 bhte

46 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-04-20 10:10:55 ------------

Extra.txt DSS Notepad:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 958.48 MiB / 415.8 MiB
Pagefile Memory (total/avail): 2312.59 MiB / 1805.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.34 MiB

C: is Fixed (NTFS) - 178.79 GiB total, 158.53 GiB free.
D: is Fixed (FAT32) - 7.5 GiB total, 1.66 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (FAT32)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP2004C - 186.31 GiB - 2 partitions
\PARTITION0 - Unknown - 7.51 GiB - D:
\PARTITION1 (bootable) - Installable File System - 178.79 GiB - C:

\\.\PHYSICALDRIVE4 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE6 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - Mattel Barbie Girl USB Device - 486.34 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 493.36 MiB - J:

\\.\PHYSICALDRIVE2 - Mattel Barbie Girl USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe:*:Enabled:PDP RPC Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-27E1513D96
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Owner
LOGONSERVER=\\YOUR-27E1513D96
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-27E1513D96
USERNAME=HP_Owner
USERPROFILE=C:\Documents and Settings\HP_Owner
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

HP_Owner (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E629851A-1B1A-4671-961A-A9AF549E03A2}\SETUP.EXE" -l0x9
Arthur's Premium CD --> C:\Program Files\The Learning Company\Arthur's Premium CD\uninstal.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barbie Girls --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{16B18999-56D7-4E8F-A40C-385E68A6D0CD}
Beauty and the Beast Magical Ballroom --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\BEAUTY~1\DeIsL1.isu
Belkin 54g USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Blue's Kindergarten --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Infogrames Interactive\Blue's Kindergarten\DeIsL1.isu"
Brother 1440 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brother\BRHL1440\DeIsL1.isu" -cbrunin144.dll
BZFlag 2.0.10 (remove only) --> "C:\Program Files\BZFlag2.0.10\uninstall.exe"
Cinderella's Dollhouse --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~4\DeIsL1.isu
Compaq IJ650 Inkjet Printer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88739060-F683-11D3-B761-00105AD153C7}\Setup.exe" UNINSTALL
Curious George Reading and Phonics --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\CGLearnUn.exe
D.W. the Picky Eater --> C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\LIVING~1\DW0A6E~1.THE\DeIsL1.isu"
Disney's Lilo and Stitch Hawaiian Adventure --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F82EB619-2205-11D6-B2F7-0002A5E32BEF}\setup.exe" Disney's Lilo and Stitch Hawaiian Adventure
Disney's Magic Artist Cartoon Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C468F15-CC56-11D5-AA2E-0008C760B784}\setup.exe" Disney's Magic Artist Cartoon Maker
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
EZCam --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93E582AF-E067-4603-BA27-866001B8BFE9}\Setup.exe" -l0x9
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JumpStart Baby Connect and Play --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSBBIICP\DeIsL1.isu"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KODAK DC4800 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{313F731E-E2D9-486F-8352-4C59EC57D139}\setup.exe"
Lexmark 2300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
Little Mermaid II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE90BF5F-501C-4893-A7D7-44C64FC2308C}\setup.exe" -l0x9 Little Mermaid II
Little Shop of Treasures --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Little Shop of Treasures.rguninst"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Malware Sweeper 2.3.0.1 --> "C:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.exe"
Math Missions Grades 3-5 --> C:\PROGRA~1\SCHOLA~1\MATHMI~1\UNWISE.EXE /U C:\PROGRA~1\SCHOLA~1\MATHMI~1\INSTALL.LOG
Math Missions Grades K-2 --> C:\PROGRA~1\SCHOLA~1\MATHMI~2\UNWISE.EXE /U C:\PROGRA~1\SCHOLA~1\MATHMI~2\INSTALL.LOG
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Command & Control Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscnc.inf, Uninstall
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Small Business --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Speech API 3.0 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft Speech Lexicon --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mslex.inf, Uninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mighty Math Zoo Zillions --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E21C6EB0-7C25-4214-B054-760CA14A1AC8}
Miuchiz - Planet Mion --> C:\PROGRA~1\Miuchiz\UNWISE.EXE C:\PROGRA~1\Miuchiz\INSTALL.LOG
Miuchiz TM Update --> MsiExec.exe /X{9A413E96-21B7-4BE1-9466-5A001D29D6B2}
Motorola SM56 Speakerphone Modem --> C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
My Scene Goes Hollywood™ CD-ROM --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\MySceneHWUn.exe
Nick Aracde Toolbar --> C:\Program Files\nickarcade\uninstall.exe -uninstall -prompt
NickToons Winners Cup Racing --> C:\Program Files\THQ\NickToons Winners Cup Racing\Uninstall.exe
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Office 2003 Tour --> MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
Oregon Trail 5 --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Oregon Trail 5\Uninstall.xml"
PhotoShow Deluxe 3 --> "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\Uninstall.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Reader Rabbit Personalized Kindergarten --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalized Kindergarten\Uninst.isu"
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sesame Street Toddler --> C:\Program Files\The Learning Company\Sesame Street\Toddler\uninstal.exe
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE --> rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Thomas & Friends - Trouble on the Tracks --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Thomas & Friends - Trouble on the Tracks\Uninst.isu"
Toy Story 2 Activity Center --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TOYSTO~1\DeIsL1.isu
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

-- Application Event Log -------------------------------------------------------

Event Record #/Type30198 / Warning
Event Submitted/Written: 04/20/2008 10:06:37 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type30197 / Warning
Event Submitted/Written: 04/20/2008 10:06:37 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type30196 / Warning
Event Submitted/Written: 04/20/2008 10:06:36 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{3BBB8098-03C8-48DC-AA83-9B2159E12E0D}'

Event Record #/Type30195 / Warning
Event Submitted/Written: 04/20/2008 10:06:36 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type30189 / Success
Event Submitted/Written: 04/20/2008 10:06:30 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type92076 / Error
Event Submitted/Written: 04/20/2008 10:10:04 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type92040 / Error
Event Submitted/Written: 04/20/2008 10:04:04 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type92026 / Error
Event Submitted/Written: 04/20/2008 09:53:01 AM
Event ID/Source: 1001 / Dhcp
Event Description:
Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 00173F495CF0. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type91995 / Error
Event Submitted/Written: 04/20/2008 09:51:56 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type91991 / Warning
Event Submitted/Written: 04/20/2008 09:51:33 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00173F495CF0. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

-- End of Deckard's System Scanner: finished at 2008-04-20 10:10:55 ------------

Blade81

2008-05-08, 08:23

Hi

You may want to print out these instructions for reference, since you
will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make
sure Run fixit is checked and click Finish. The fix will
begin; follow the prompts. You will be asked to reboot your computer;
please do so. Your system may take longer than usual to load; this is
normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of
the logfile C:\fixwareout\report.txt

Then we continue with ComboFix

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

sirwin

2008-05-13, 04:34

In order as you requested. What's next? Scott

Documents and Settings\HP_Owner\neoteris_read_27811128.reg
2005-12-13 19:20 3,321,638 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_8140933.reg
2005-12-07 14:02 3,321,638 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_26564976.reg
2005-11-26 15:55 184 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2001-05-21 14:54 3,932 ------w C:\Documents and Settings\HP_Owner\Application Data\CMLayout.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32 25365032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 11:57 68856]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-02-01 16:43 163840]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Malware Sweeper"="C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe" [2007-11-11 16:20 696320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 08:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-19 18:06 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-19 12:34 1836544]
"CMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-10-31 13:25 45056]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 12:48 73728]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 01:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 07:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 08:36 299008]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-14 21:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [ ]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2005-09-19 18:25:42 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-09-19 18:26:07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17:45]
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-04-14 23:12]
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-03-09 20:09]
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys [2000-06-08 16:22]
R1 eeCtrl;Symantec Eraser Control driver;C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-22 17:46]
R2 Apple Mobile Device;Apple Mobile Device;"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [2007-10-31 15:09]
R2 BrPar;BrPar;C:\WINDOWS\system32\drivers\BrPar.sys [2000-07-24 01:01]
R2 DCFS2k;DCFS2k;C:\WINDOWS\system32\DRIVERS\DCFS2k.sys [2000-05-29 18:57]
R2 Dcfssvc;dcfssvc;C:\WINDOWS\system32\DRIVERS\dcfssvc.exe [2000-05-18 15:00]
R2 LVCOMSer;LVCOMSer;"C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" [2007-10-19 14:17]
R2 LVPrcSrv;Process Monitor;"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [2007-10-19 14:19]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service;"C:\Program Files\Spyware Terminator\sp_rsser.exe" [2008-04-03 22:35]
R2 WMDM PMSP Service;WMDM PMSP Service;C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 17:06]
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 16:05]
R3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys [2000-06-08 16:22]
R3 lvpopflt;Logitech POP Suppression Filter;C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 20:59]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC);C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-10-11 21:00]
R3 RT73;Belkin USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 23:00]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 13:10]
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 08:56]
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys [2000-06-27 10:59]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S2 LVSrvLauncher;LVSrvLauncher;C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 14:21]
S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS []
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2000-06-08 16:22]
S3 DcPTP;%DcPTP.SvcDesc%;C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2000-06-08 16:22]
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe [2004-08-04 07:00]
S3 FilterService;UVC Filter Service;C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-10-11 21:01]
S3 GoogleDesktopManager;GoogleDesktopManager;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-19 12:34]
S3 NdisIP;Microsoft TV/Video Connection;C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 23:10]
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 16:27]
S3 RimUsb;BlackBerry Device;C:\WINDOWS\system32\Drivers\RimUsb.sys [2006-04-11 16:43]
S3 Ser2pl;Prolific2 Serial port driver;C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-11-30 21:54]
S3 SLIP;BDA Slip De-Framer;C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 23:10]
S3 SQTECH907B;EZCam(PID_907B_00);C:\WINDOWS\system32\Drivers\Capt907B.sys [2005-05-10 15:12]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
S3 WpdUsb;WpdUsb;C:\WINDOWS\system32\Drivers\wpdusb.sys [2005-01-28 22:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 20:46:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:13:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 06:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-21 12:52:35 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 19:46:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-12 19:50:13
ComboFix-quarantined-files.txt 2008-05-13 00:49:49

Pre-Run: 169,878,278,144 bytes free
Post-Run: 169,863,626,752 bytes free

289 --- E O F --- 2008-03-23 20:43:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:03 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~2.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BarbieGirlsTray] C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Malware Sweeper] C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bc.edu/bc_org/avp/law/lwsch/jou...er/tdserver.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...l?noreloadredir
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133327129531
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9F51E426-6EED-11D3-80B8-00C04F610DBB} (WebTransferCtrl Class) - https://bhvpn.bakerlaw.com/worksite/bin/iMa...dmweb1,CT=java+
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 15102 bytes

Blade81

2008-05-13, 07:15

Hi

You didn't post fixwareout report (contents of C:\fixwareout\report.txt file) and also ComboFix log (c:\ComboFix.txt file) beginning part was missing. Please post complete contents of those logs.

sirwin

2008-05-13, 07:19

Username "HP_Owner" - 05/12/2008 19:04:39 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.125 85.255.112.214" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "xqesc" Value deleted
HKCR\CLSID\{60C4F75A-07A1-4F2E-AB1A-6357BC636256}\_h\4 Deleted.
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"CMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\CMPDPSRV.EXE"
"LXCGCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
"lxcgmon.exe"="\"C:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe\" /hide"
"BarbieGirlsTray"="C:\\Program Files\\Mattel\\Barbie Girls\\Mattel.BarbieGirls.Tray.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"7894640e"="rundll32.exe \"C:\\WINDOWS\\system32\\ysywqiuo.dll\",b"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\xtras\\mssysmgr.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Malware Sweeper"="C:\\Program Files\\MalwareSweeper.com\\MalwareSweeper\\MalSwep.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

ComboFix 08-05-12.1 - HP_Owner 2008-05-12 19:39:11.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aunqajql.ini
C:\WINDOWS\system32\bchmulbe.dll
C:\WINDOWS\system32\bjiycpxq.ini
C:\WINDOWS\system32\bpuqxssh.ini
C:\WINDOWS\system32\bqqgykeh.ini
C:\WINDOWS\system32\ckosgoey.ini
C:\WINDOWS\system32\clfvlwyu.ini
C:\WINDOWS\system32\cystdcgp.dll
C:\WINDOWS\system32\dathoame.ini
C:\WINDOWS\system32\dqekbmyv.dll
C:\WINDOWS\system32\edbgmray.dll
C:\WINDOWS\system32\eoontnuu.dll
C:\WINDOWS\system32\ffckcouw.ini
C:\WINDOWS\system32\ftpuhsnd.ini
C:\WINDOWS\system32\hljnwvgh.ini
C:\WINDOWS\system32\hlvbcqru.ini
C:\WINDOWS\system32\inmrrrxu.dll
C:\WINDOWS\system32\ivolojuu.dll
C:\WINDOWS\system32\iwvhjrli.dll
C:\WINDOWS\system32\jrbmntrk.ini
C:\WINDOWS\system32\jwvqmpqp.ini
C:\WINDOWS\system32\kjrnmtuf.dll
C:\WINDOWS\system32\kpxqhryq.ini
C:\WINDOWS\system32\kwsqaekf.ini
C:\WINDOWS\system32\lbjysnkh.dll
C:\WINDOWS\system32\loeictww.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ogopvwip.ini
C:\WINDOWS\system32\opnmMdDs.dll
C:\WINDOWS\system32\orwupydd.ini
C:\WINDOWS\system32\ouiqwysy.ini
C:\WINDOWS\system32\phajqjuf.ini
C:\WINDOWS\system32\pmypliap.dll
C:\WINDOWS\system32\qkiilkuy.dll
C:\WINDOWS\system32\rbbtcpig.dll
C:\WINDOWS\system32\sDdMmnpo.ini
C:\WINDOWS\system32\sDdMmnpo.ini2
C:\WINDOWS\system32\sqoheqgm.ini
C:\WINDOWS\system32\sytfrtwr.ini
C:\WINDOWS\system32\tcpcmbwq.ini
C:\WINDOWS\system32\uchvsyxp.dll
C:\WINDOWS\system32\vewuygxo.dll
C:\WINDOWS\system32\vumavcqh.dll
C:\WINDOWS\system32\wkjmyjis.ini
C:\WINDOWS\system32\wxjmgpok.ini
C:\WINDOWS\system32\yeoiwyqn.dll
C:\WINDOWS\system32\ygickovg.dll
C:\WINDOWS\system32\ysywqiuo.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-12 19:42 . 2008-05-12 19:42 <DIR> d-------- C:\4d9232dfc5dcb5052bb7cd652be2
2008-05-12 19:38 . 2008-05-12 19:38 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-12 19:37 . 2004-08-04 07:00 388,608 --a------ C:\WINDOWS\system32\CF11361.exe
2008-05-12 19:04 . 2008-05-12 19:09 <DIR> d-------- C:\fixwareout
2008-05-07 20:57 . 2008-05-07 20:57 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 20:48 . 2008-05-07 20:48 0 --a------ C:\WINDOWS\system32\sytfrtwr.tmp
2008-04-20 10:00 . 2008-04-20 10:00 <DIR> d-------- C:\Deckard
2008-04-20 09:31 . 2008-04-20 09:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-20 09:31 . 2008-04-20 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 00:42 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Skype
2008-05-13 00:33 3,645 ----a-w C:\WINDOWS\viassary-hp.reg
2008-05-13 00:30 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-05-13 00:30 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-05-08 16:00 --------- d-----w C:\Program Files\Lx_cats
2008-04-23 01:30 --------- d-----w C:\Program Files\McAfee
2008-04-20 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-07 12:48 --------- d-----w C:\Program Files\Trend Micro
2008-04-07 03:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-07 03:37 --------- d-----w C:\Program Files\Lavasoft
2008-04-07 03:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 13:30 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-04 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-04 13:23 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Spyware Terminator
2008-04-04 03:34 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-04 01:42 --------- d-----w C:\Program Files\MalwareSweeper.com
2008-04-03 11:29 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2008-04-03 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-29 16:40 --------- d-----w C:\Program Files\Broderbund
2008-03-29 01:53 --------- d-----w C:\Program Files\The Learning Company
2008-03-14 16:47 --------- d-----w C:\Program Files\iTunes
2008-03-14 16:46 --------- d-----w C:\Program Files\iPod
2008-03-14 16:44 --------- d-----w C:\Program Files\QuickTime
2008-03-13 02:38 --------- d-----w C:\Program Files\THQ
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\SETC.tmp
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\SETB4.tmp
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\SETD.tmp
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\SETB5.tmp
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-01-15 03:27 92,528 ----a-w C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-07-14 19:20 3,426,032 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_17010151.reg
2006-07-11 17:44 3,423,062 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_1067475.reg
2006-07-05 05:37 3,420,454 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_22992473.reg
2006-07-03 11:50 3,420,478 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_2830910.reg
2006-07-02 20:31 3,420,478 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_11733267.reg
2006-07-01 18:35 3,420,478 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_17815542.reg
2006-07-01 15:11 3,420,478 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_5285449.reg
2006-07-01 14:00 3,420,478 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_12206609.reg
2006-06-30 21:28 3,420,478 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_9716945.reg
2006-06-29 13:15 3,420,454 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_7488714.reg
2006-06-19 16:41 3,420,572 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_13961193.reg
2006-06-19 14:52 3,420,572 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_26117441.reg
2006-06-16 21:28 3,419,334 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_17818297.reg
2006-06-16 03:01 3,421,470 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_8703610.reg
2006-06-14 23:48 3,421,494 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_24778599.reg
2006-06-14 01:48 3,415,106 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_1635615.reg
2006-06-08 14:04 3,415,106 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_10127976.reg
2006-05-19 13:36 3,415,106 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_10769718.reg
2006-05-16 18:40 3,415,106 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_9296972.reg
2006-05-10 15:33 3,414,104 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_3299256.reg
2006-04-28 21:13 3,336,568 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_8755816.reg
2006-04-28 19:07 3,336,568 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_20280994.reg
2006-04-26 16:01 3,336,568 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_11800260.reg
2006-04-24 13:29 3,335,578 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_25383640.reg
2006-04-21 19:14 3,335,578 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_25621063.reg
2006-04-19 17:04 3,335,578 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_23257749.reg
2006-04-18 14:25 3,335,578 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_21565109.reg
2006-04-17 17:23 3,335,514 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_9194103.reg
2006-04-11 20:50 3,331,506 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_25857250.reg
2006-04-11 17:40 3,331,506 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_8406772.reg
2006-04-04 02:59 3,331,506 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_14050342.reg
2006-03-27 05:03 3,331,506 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_20843194.reg
2006-03-21 15:12 3,330,468 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_15020576.reg
2006-03-18 01:37 3,330,468 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_23376028.reg
2006-03-06 13:20 3,330,468 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_15354046.reg
2006-02-17 15:30 3,326,066 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_9299042.reg
2006-02-14 15:53 3,326,042 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_24374386.reg
2006-02-03 18:14 3,326,066 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_26009930.reg
2005-12-19 16:10 3,323,670 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_27811128.reg
2005-12-13 19:20 3,321,638 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_8140933.reg
2005-12-07 14:02 3,321,638 ----a-w C:\Documents and Settings\HP_Owner\neoteris_read_26564976.reg
2005-11-26 15:55 184 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2001-05-21 14:54 3,932 ------w C:\Documents and Settings\HP_Owner\Application Data\CMLayout.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32 25365032]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 11:57 68856]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2005-02-01 16:43 163840]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Malware Sweeper"="C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe" [2007-11-11 16:20 696320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34 245760]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 08:12 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-19 18:06 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-19 12:34 1836544]
"CMPDPSRV"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE" [2001-10-31 13:25 45056]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 12:48 73728]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 01:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 07:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 08:36 299008]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"BarbieGirlsTray"="C:\Program Files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-14 21:59 24576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [ ]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2005-09-19 18:25:42 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-09-19 18:26:07 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17:45]
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-04-14 23:12]
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-03-09 20:09]
R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys [2000-06-08 16:22]
R1 eeCtrl;Symantec Eraser Control driver;C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-01-22 17:46]
R2 Apple Mobile Device;Apple Mobile Device;"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [2007-10-31 15:09]
R2 BrPar;BrPar;C:\WINDOWS\system32\drivers\BrPar.sys [2000-07-24 01:01]
R2 DCFS2k;DCFS2k;C:\WINDOWS\system32\DRIVERS\DCFS2k.sys [2000-05-29 18:57]
R2 Dcfssvc;dcfssvc;C:\WINDOWS\system32\DRIVERS\dcfssvc.exe [2000-05-18 15:00]
R2 LVCOMSer;LVCOMSer;"C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe" [2007-10-19 14:17]
R2 LVPrcSrv;Process Monitor;"C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [2007-10-19 14:19]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service;"C:\Program Files\Spyware Terminator\sp_rsser.exe" [2008-04-03 22:35]
R2 WMDM PMSP Service;WMDM PMSP Service;C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 17:06]
R3 Afc;PPdus ASPI Shell;C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 16:05]
R3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys [2000-06-08 16:22]
R3 lvpopflt;Logitech POP Suppression Filter;C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 20:59]
R3 LVUVC;Logitech QuickCam Pro 5000(UVC);C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-10-11 21:00]
R3 RT73;Belkin USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 23:00]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 13:10]
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 08:56]
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys [2000-06-27 10:59]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S2 LVSrvLauncher;LVSrvLauncher;C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 14:21]
S3 CA561;ICatch (VI) PC Camera;C:\WINDOWS\system32\Drivers\SPCA561.SYS []
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2000-06-08 16:22]
S3 DcPTP;%DcPTP.SvcDesc%;C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2000-06-08 16:22]
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe [2004-08-04 07:00]
S3 FilterService;UVC Filter Service;C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-10-11 21:01]
S3 GoogleDesktopManager;GoogleDesktopManager;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-19 12:34]
S3 NdisIP;Microsoft TV/Video Connection;C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 23:10]
S3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 16:27]
S3 RimUsb;BlackBerry Device;C:\WINDOWS\system32\Drivers\RimUsb.sys [2006-04-11 16:43]
S3 Ser2pl;Prolific2 Serial port driver;C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-11-30 21:54]
S3 SLIP;BDA Slip De-Framer;C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 23:10]
S3 SQTECH907B;EZCam(PID_907B_00);C:\WINDOWS\system32\Drivers\Capt907B.sys [2005-05-10 15:12]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
S3 WpdUsb;WpdUsb;C:\WINDOWS\system32\Drivers\wpdusb.sys [2005-01-28 22:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 20:46:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:13:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-04-01 06:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-04-21 12:52:35 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 19:46:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-12 19:50:13
ComboFix-quarantined-files.txt 2008-05-13 00:49:49

Pre-Run: 169,878,278,144 bytes free
Post-Run: 169,863,626,752 bytes free

289 --- E O F --- 2008-03-23 20:43:13

Blade81

2008-05-13, 08:51

Hi

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\sytfrtwr.tmp
C:\WINDOWS\viassary-hp.reg
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\drivers\logiflt.iad

Save this as
CFScript

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Run Kaspersky online scanner and post back its report & a fresh hjt log (without forgetting above meantioned ComboFix resultant log).

Blade81

2008-05-19, 21:27

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Edit:
http://forums.spybot.info/showthread.php?t=28291

-tashi