BucNut
Members
Posts: 14
Reputation: 0 Neutral
  1. Here I thought we were going to have to reformat the hard drive! Your help was unbelievable, and my grandson and I want to thank you so very much for all your help. We've already downloaded ERUNT and are taking care of the other options to eliminate the need for full panic mode again. Thank you, thank you, thank you and have a wonderful weekend! BucNut
  2. Good morning! The computer is running very well, and you've impressed a 12 year old grandson and his MaMae with your incredible knowledge! Again, you have gone above and beyond and I can't begin to tell you how much your hard work is appreciated.

     RunMe.bat file report:

     -c----w 502,272 2004-08-04 10:00:00 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
     ----a-w 507,904 2008-04-14 00:12:39 C:\WINDOWS\ERDNT\cache\winlogon.exe
     -c----w 507,904 2008-04-14 00:12:39 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
     ------w 507,904 2008-04-14 00:12:39 C:\WINDOWS\system32\winlogon.exe
     ----a-w 507,904 2008-04-14 00:12:39 C:\WINDOWS\system32\dllcache\winlogon.exe

     Entries: 5 (5) Directories: 0 Files: 5 Bytes: 2,533,888 Blocks: 4,949
  3. ComboFix 09-09-18.01 - Gary McClellan 09/18/2009 23:57.2.2 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.453 [GMT -4:00]
     Running from: c:\documents and settings\Gary McClellan\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Gary McClellan\Desktop\CFScript.txt
     FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     C:\winlogon.exe
     .
     --------------- FCopy ---------------
     c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
     .
     ((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
     .
     2009-09-18 22:15 . 2009-09-18 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
     2009-09-18 20:54 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
     2009-09-18 19:34 . 2009-09-18 19:34 -------- d-----w- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD}
     2009-09-18 17:30 . 2009-09-18 17:30 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Malwarebytes
     2009-09-18 17:30 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-18 17:30 . 2009-09-18 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-18 17:30 . 2009-09-18 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-09-18 17:30 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-18 16:11 . 2008-04-14 00:12 14336 ----a-w- c:\windows\system32\svchost.exe
     2009-09-18 16:11 . 2008-04-14 00:12 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
     2009-09-16 19:44 . 2009-09-16 19:44 -------- d-----w- c:\program files\Trend Micro
     2009-09-12 23:03 . 2009-09-12 23:03 -------- d-----w- c:\documents and settings\Administrator.GARY\Application Data\Simply Super Software
     2009-09-12 23:01 . 2009-09-12 23:01 -------- d-----w- c:\documents and settings\Administrator.GARY\Local Settings\Application Data\Mozilla
     2009-09-12 22:34 . 2009-09-12 23:04 100536 ----a-w- c:\documents and settings\Administrator.GARY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-09-12 22:34 . 2006-11-30 21:31 -------- d--h--w- c:\documents and settings\Administrator.GARY\Application Data\Gtek
     2009-09-12 22:34 . 2006-11-30 21:29 -------- d-----w- c:\documents and settings\Administrator.GARY\Application Data\InstallShield
     2009-09-12 21:28 . 2009-07-28 20:09 55552 ----a-w- c:\windows\system32\drivers\tdifw_drv.sys
     2009-09-12 18:30 . 2009-09-12 18:30 -------- d-----w- c:\program files\Screaming Bee LLC
     2009-09-12 17:17 . 2009-09-12 17:17 -------- d-----w- c:\documents and settings\Gary McClellan\Local Settings\Application Data\IsolatedStorage
     2009-09-12 17:09 . 2009-09-12 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee
     2009-09-11 00:00 . 2009-09-11 00:00 41872 ----a-w- c:\windows\system32\xfcodec.dll
     2009-09-07 05:28 . 2009-09-07 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
     2009-09-07 03:00 . 2009-09-12 17:10 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Screaming Bee
     2009-09-07 02:57 . 2009-09-12 17:25 -------- d-----w- c:\program files\Screaming Bee
     2009-08-31 15:10 . 2009-08-31 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
     2009-08-31 15:10 . 2009-08-31 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
     2009-08-30 23:57 . 2009-09-07 17:21 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\uTorrent
     2009-08-30 23:24 . 2009-07-03 16:24 -------- d-----w- c:\documents and settings\Gary McClellan\Dolphin
     2009-08-30 15:28 . 2009-08-30 15:29 -------- dc----w- C:\PacSteamT
     2009-08-30 15:28 . 2009-08-30 15:28 -------- d-----w- c:\program files\Common Files\Thraex Software
     2009-08-30 04:04 . 2009-08-30 14:30 -------- d-----w- c:\program files\FreeMind
     2009-08-27 11:47 . 2009-08-27 11:47 5679 ----a-w- c:\windows\unins000.dat
     2009-08-27 11:47 . 2009-08-27 11:47 685849 ----a-w- c:\windows\unins000.exe
     2009-08-25 02:57 . 2009-08-25 02:57 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Artweaver
     2009-08-25 02:56 . 2009-08-27 11:47 -------- d-----w- c:\program files\Artweaver 0.5
     2009-08-22 02:38 . 2009-08-22 02:38 -------- dc----w- C:\nDoors
     2009-08-22 00:39 . 2009-08-22 00:39 -------- d-----w- c:\documents and settings\Gary McClellan\Local Settings\Application Data\Pinnacle
     2009-08-21 13:28 . 2009-09-19 02:06 772224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-09-19 04:07 . 2008-09-03 20:31 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
     2009-09-19 04:07 . 2008-09-03 20:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
     2009-09-19 04:05 . 2009-02-15 16:27 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\DNA
     2009-09-19 02:09 . 2009-05-24 12:48 -------- d-----w- c:\program files\Steam
     2009-09-19 02:09 . 2009-02-15 16:27 -------- d-----w- c:\program files\DNA
     2009-09-18 20:33 . 2008-12-20 14:47 -------- d-----w- c:\program files\VSTplugins
     2009-09-18 20:33 . 2009-06-09 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
     2009-09-18 20:29 . 2009-06-02 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
     2009-09-18 20:29 . 2009-06-02 23:10 -------- d-----w- c:\program files\Electronic Arts
     2009-09-18 19:48 . 2007-01-07 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information
     2009-09-18 19:47 . 2006-12-27 19:42 -------- d-----w- c:\program files\Belkin
     2009-09-18 16:12 . 2009-02-06 23:36 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Hamachi
     2009-09-16 20:13 . 2007-08-26 16:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2009-09-16 20:12 . 2006-11-30 21:27 -------- d-----w- c:\program files\Google
     2009-09-16 19:43 . 2008-03-08 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-09-16 19:14 . 2008-04-21 16:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-09-16 14:34 . 2008-05-06 01:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2009-09-12 18:28 . 2007-07-15 00:18 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Xfire
     2009-09-10 07:10 . 2008-05-14 11:15 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-09-07 17:22 . 2009-07-26 06:25 -------- d-----w- c:\program files\PCPitstop
     2009-09-07 17:21 . 2008-03-08 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
     2009-09-07 13:47 . 2008-06-17 01:30 -------- d-----w- c:\program files\World of Warcraft
     2009-09-07 04:10 . 2007-01-03 13:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
     2009-08-31 20:21 . 2009-03-06 21:15 -------- d-----w- c:\program files\Norton Security Scan
     2009-08-31 15:10 . 2006-11-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
     2009-08-30 14:42 . 2008-10-03 19:14 -------- d-----w- c:\program files\ZD Soft
     2009-08-30 14:31 . 2007-06-19 19:43 -------- d-----w- c:\program files\Pivot Stickfigure Animator
     2009-08-30 14:29 . 2009-07-30 09:36 -------- d-----w- c:\program files\Autodesk
     2009-08-30 04:59 . 2006-12-25 16:11 100536 ----a-w- c:\documents and settings\Gary McClellan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-22 02:20 . 2009-01-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
     2009-08-21 22:46 . 2009-02-22 20:23 -------- d-----w- c:\program files\Microsoft Games
     2009-08-19 20:46 . 2009-08-19 20:19 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\TeamViewer
     2009-08-19 20:19 . 2009-08-19 20:19 -------- d-----w- c:\program files\TeamViewer
     2009-08-19 03:09 . 2007-06-15 01:18 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys
     2009-08-19 03:08 . 2007-06-15 01:18 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Corel
     2009-08-19 03:08 . 2007-06-15 01:18 88 --sh--r- c:\windows\system32\5E231424C1.sys
     2009-08-18 15:21 . 2008-12-26 06:20 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\WeGame
     2009-08-18 12:11 . 2008-12-26 06:19 -------- d-----w- c:\program files\WeGame
     2009-08-16 03:04 . 2007-10-05 21:24 -------- d-----w- c:\program files\7-Zip
     2009-08-15 03:13 . 2009-08-15 03:13 -------- d-----w- c:\program files\Magic Bullet Editors 2.0 Vegas
     2009-08-15 03:09 . 2009-08-15 03:09 -------- d-----w- c:\program files\Pixelan
     2009-08-13 01:08 . 2009-08-13 01:07 -------- d-----w- c:\program files\Hamachi
     2009-08-13 01:07 . 2009-02-06 23:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
     2009-08-12 04:08 . 2009-08-11 23:25 -------- d-----w- c:\program files\Postal2STP
     2009-08-11 08:14 . 2007-10-05 21:47 -------- d-----w- c:\program files\Paint.NET
     2009-08-09 10:23 . 2008-12-20 14:46 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Sony
     2009-08-09 09:57 . 2007-11-27 23:36 -------- d-----w- c:\program files\Sony
     2009-08-06 08:49 . 2008-08-28 00:24 34 -c--a-w- c:\documents and settings\Gary McClellan\jagex_runescape_preferences.dat
     2009-08-06 00:16 . 2009-08-04 03:16 -------- d-----w- c:\program files\Jnes
     2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-08-05 02:15 . 2009-08-05 02:15 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
     2009-08-04 21:05 . 2007-05-10 19:36 -------- d-----w- c:\program files\Rockstar Games
     2009-08-04 06:10 . 2009-08-04 06:08 -------- d-----w- c:\program files\GTA BioHazard Alert REMAKE
     2009-08-02 09:17 . 2009-07-30 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
     2009-07-30 10:10 . 2009-07-30 10:10 -------- d-----w- c:\program files\OSA Kit Pro Player v4.0
     2009-07-30 09:47 . 2009-07-30 09:47 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Autodesk
     2009-07-30 09:47 . 2009-07-30 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
     2009-07-30 09:19 . 2008-12-16 22:14 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Download Manager
     2009-07-30 08:58 . 2009-07-22 09:29 -------- d-----w- c:\program files\Turbine
     2009-07-30 08:57 . 2006-11-30 21:22 -------- d-----w- c:\program files\Common Files\AOL
     2009-07-30 08:38 . 2009-07-30 08:38 -------- d-----w- c:\program files\Blockland
     2009-07-26 06:00 . 2009-07-25 07:55 -------- d-----w- c:\program files\Twisted Pixel
     2009-07-22 09:29 . 2009-07-22 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine
     2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-06-29 16:12 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
     2009-06-29 16:12 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
     2009-06-29 16:12 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
     2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll
     2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll
     2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll
     2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
     2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2009-06-25 08:25 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
     2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2009-06-21 12:46 . 2008-12-13 15:56 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
     2008-09-07 16:57 . 2008-09-07 16:57 0 -c--a-w- c:\program files\temp01
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-09-18_20.56.58 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2004-08-10 17:51 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\winlogon.exe
     + 2009-07-10 14:39 . 2009-07-10 14:39 406640 c:\windows\Downloaded Program Files\fslauncher.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Steam"="c:\program files\steam\steam.exe" [2008-12-22 1410296]
     "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-18 306088]
     "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
     "SightSpeed"="c:\program files\SightSpeed\SightSpeed.exe" [2008-10-09 4789048]
     "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-03-19 5395288]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-15 342848]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
     "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-17 213936]
     "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-17 213936]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
     "Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe" [2009-07-02 472568]
     "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

     c:\documents and settings\Gary McClellan\Start Menu\Programs\Startup\
     SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
     Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0lsdelete

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
     @="Service"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\America Online 9.0\\waol.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
     "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
     "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
     "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
     "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
     "c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineMessageService.exe"=
     "c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineNetworkService.exe"=
     "c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9420:TCP"= 9420:TCP:Akamai NetSession Interface
     "5000:UDP"= 5000:UDP:Akamai NetSession Interface
     "2192:TCP"= 2192:TCP:Akamai NetSession Interface
     "2920:TCP"= 2920:TCP:Akamai NetSession Interface
     "2166:TCP"= 2166:TCP:Akamai NetSession Interface
     "2228:TCP"= 2228:TCP:Akamai NetSession Interface
     "1055:TCP"= 1055:TCP:Akamai NetSession Interface
     "1195:TCP"= 1195:TCP:Akamai NetSession Interface
     "4305:TCP"= 4305:TCP:Akamai NetSession Interface
     "2685:TCP"= 2685:TCP:Akamai NetSession Interface
     "2712:TCP"= 2712:TCP:Akamai NetSession Interface
     "1066:TCP"= 1066:TCP:Akamai NetSession Interface
     "1050:TCP"= 1050:TCP:Akamai NetSession Interface
     "1250:TCP"= 1250:TCP:Akamai NetSession Interface
     "1059:TCP"= 1059:TCP:Akamai NetSession Interface
     "1072:TCP"= 1072:TCP:Akamai NetSession Interface
     "4237:TCP"= 4237:TCP:Akamai NetSession Interface
     "1041:TCP"= 1041:TCP:Akamai NetSession Interface
     "2119:TCP"= 2119:TCP:Akamai NetSession Interface
     "2178:TCP"= 2178:TCP:Akamai NetSession Interface
     "1039:TCP"= 1039:TCP:Akamai NetSession Interface
     "1054:TCP"= 1054:TCP:Akamai NetSession Interface
     "1058:TCP"= 1058:TCP:Akamai NetSession Interface
     "58204:TCP"= 58204:TCP:Pando Media Booster
     "58204:UDP"= 58204:UDP:Pando Media Booster
     "56425:TCP"= 56425:TCP:Pando Media Booster
     "56425:UDP"= 56425:UDP:Pando Media Booster
     "56139:TCP"= 56139:TCP:Pando Media Booster
     "56139:UDP"= 56139:UDP:Pando Media Booster

     R1 tdifw_drv;tdifw_drv;c:\windows\system32\drivers\tdifw_drv.sys [9/12/2009 5:28 PM 55552]
     R2 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe [7/22/2009 5:29 AM 267760]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/21/2008 6:53 AM 24652]
     R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [4/6/2009 1:19 PM 23064]
     S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [3/30/2009 3:37 PM 155264]
     S3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe [7/22/2009 5:29 AM 218608]
     S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCYYYYYYYYUS&fl=0&ptb=_ySSowJDMR907PyRuL7Nww&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb
     uSearch Page = hxxp://www.google.com
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
     IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
     DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab
     DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
     FF - ProfilePath - c:\documents and settings\Gary McClellan\Application Data\Mozilla\Firefox\Profiles\ut1xz86i.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
     FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
     FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=8s.kdY1CCugk0kyNmOrypg&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
     FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
     FF - plugin: c:\documents and settings\Gary McClellan\Application Data\Mozilla\Firefox\Profiles\ut1xz86i.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npmeadax.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
     FF - plugin: c:\program files\OSA Kit Pro Player v4.0\npmeadax.dll
     FF - plugin: c:\program files\Picasa2\npPicasa2.dll
     FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-19 00:07
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_USERS\S-1-5-21-4280196803-2235853438-1908108701-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557F4F3E-E86E-5A68-2E41-30E77409F851}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "iakeggkcejpblidibh"=hex:63,62,62,6a,64,63,67,6b,64,6f,70,68,6c,65,64,61,64,69, 66,6a,6d,69,69,64,6e,70,61,6f,62,6e,6f,65,63,70,61,62,6e,68,00,00
     "haeemglhepmkfejk"=hex:63,62,62,6a,64,63,67,6b,64,6f,70,68,6c,65,6d,61,62,6d, 69,6b,67,67,69,6a,66,66,62,61,70,63,66,6d,62,62,67,6d,6b,70,00,00

     [HKEY_USERS\S-1-5-21-4280196803-2235853438-1908108701-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C95276F5-BAD5-8CB9-128C-68B6DBC94772}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "oannpgooelpmfoddlehdbakhdeleci"=hex:63,61,6b,70,69,63,00,7c

     [HKEY_USERS\S-1-5-21-4280196803-2235853438-1908108701-1007\Software\SecuROM\License information*]
     "datasecu"=hex:eb,e9,56,5d,ce,a6,42,43,98,50,39,87,b6,bd,20,84,0d,7e,10,76,e2, e3,b3,45,88,f8,d5,4a,42,0f,8f,73,48,e9,b5,aa,2a,02,c0,9f,97,98,e8,56,75,36,\
     "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5d,3a,41,d1,37, a0,28,c6,c8,28,51,af,b0,29,a3,98,64,8c,f2,e5,fb,75,4f,44,e2,63,26,f1,3f,c8,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,72,16,dd,61,ca, 0c,62,cb,71,3b,04,66,8b,46,0d,96,cf,2a,28,c1,b7,ee,9a,2d,6a,9c,d6,61,af,45,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,3c,aa,fc,49,45, f7,34,e7,25,da,ec,7e,55,20,c9,26,c5,38,62,b5,75,9e,38,37,ff,7c,85,e0,43,d4,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a0,bb,22,99,4d, ed,8b,20,3e,1e,9e,e0,57,5a,93,61,c5,0d,15,3d,cf,fe,39,a4,86,8c,21,01,be,91,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fe,ce,74,a6,fc, e5,21,1a,cd,44,cd,b9,a6,33,6c,cd,c0,de,3a,37,77,89,0e,b1,f5,1d,4d,73,a8,13,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,f1,c8,71,db,18, 9b,0f,48,b0,18,ed,a7,3f,8d,37,a4,83,4a,05,17,5e,fc,04,eb,df,20,58,62,78,6b,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,12,30,f4,06,ca, a0,11,28,31,77,e1,ba,b1,f8,68,02,83,b3,2d,7d,e1,e3,04,30,fb,a7,78,e6,12,2f,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,a2,e5,4d,1f,dd, 44,a8,d3,83,6c,56,8b,a0,85,96,ab,da,10,39,54,6e,e9,1c,37,01,3a,48,fc,e8,04,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,df,02,85,15,4d, 18,28,d7,51,fa,6e,91,28,9e,14,cc,78,c2,a8,cd,9e,d1,85,62,f6,0f,4e,58,98,5b,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,d7,5c,5f,d5,50, 45,9c,3e,b1,cd,45,5a,a8,c4,f8,b9,84,32,1c,58,5d,3e,0f,d3,3d,ce,ea,26,2d,45,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,72,91,d0,cf,e5, 99,85,66,e3,0e,66,d5,eb,bc,2f,6b,27,64,89,ed,5a,b4,e0,b5,2a,b7,cc,b5,b9,7f,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
     "ThreadingModel"="Apartment"
     @="c:\\WINDOWS\\system32\\OLE32.DLL"
     "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3c,50,ad,41,cc, 6e,bc,81,fa,ea,66,7f,d4,3b,6b,70,2b,60,6a,39,b5,0a,8f,b5,6c,43,2d,1e,aa,22,\

     [HKEY_LOCAL_MACHINE\System\ControlSet006\Enum\HID\Vid_045e&Pid_0040\6&25ef4129&0&0000\LogConf]
     @DACL=(02 0000)

     [HKEY_LOCAL_MACHINE\System\ControlSet006\Enum\HID\Vid_045e&Pid_0040\6&38a8f1ce&0&0000\LogConf]
     @DACL=(02 0000)
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'explorer.exe'(3384)
     c:\windows\system32\WININET.dll
     c:\windows\system32\msi.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\nvsvc32.exe
     c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
     c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\windows\system32\PnkBstrA.exe
     c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
     c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
     c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
     .
     **************************************************************************
     .
     Completion time: 2009-09-19 0:16 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-09-19 04:16
     ComboFix2.txt 2009-09-18 21:05
     Pre-Run: 9,144,868,864 bytes free
     Post-Run: 9,413,738,496 bytes free
     Current=6 Default=6 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
     391 --- E O F --- 2009-09-10 07:04
  4. Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com
     Platform: Windows XP
     *******************
     Script file opened successfully.
     Script file read successfully.
     Backups directory opened successfully at C:\Avenger
     *******************
     Beginning to process script file:
     Rootkit scan active.
     No rootkits found!
     Error: file "C:\WINDOWS\system32\winlogon.exe" is whitelisted
     File move operation "C:\winlogon.exe|C:\WINDOWS\system32\winlogon.exe" failed!
     Status: 0xc0000022 (STATUS_ACCESS_DENIED)
     Driver "XDva224" deleted successfully.
     Driver "XDva259" deleted successfully.
     Driver "smp_lpt" deleted successfully.
     Driver "i2ompp" deleted successfully.
     Error: file "c:\windows\system32\XDva259.sys" not found!
     Deletion of file "c:\windows\system32\XDva259.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
     --> the object does not exist
     Error: file "c:\windows\system32\XDva224.sys" not found!
     Deletion of file "c:\windows\system32\XDva224.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
     --> the object does not exist
     Completed script processing.
     *******************
     Finished! Terminate.
  5. -c----w 502,272 2004-08-04 10:00:00 C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
     -c----w 507,904 2008-04-14 00:12:39 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
     ----a-w 512,000 2008-04-14 00:12:39 C:\WINDOWS\system32\winlogon.exe

     Entries: 3 (3) Directories: 0 Files: 3 Bytes: 1,522,176 Blocks: 2,973

     Again, I can't thank you enough!
  6. Scanning Report
     Friday, September 18, 2009 18:15:35 - 19:40:45
     Computer name: GARY
     Scanning type: Scan system for malware, spyware and rootkits
     Target: C:\
     --------------------------------------------------------------------------------
     12 malware found
     TrackingCookie.2o7 (spyware) System (Disinfected)
     TrackingCookie.Atdmt (spyware) System (Disinfected)
     Trojan.Generic.1465703 (spyware) System (Disinfected)
     Trojan.Patched.U (spyware) System (Disinfected)
     Trojan.Patched.U (virus) C:\WINDOWS\SYSTEM32\WINLOGON.EXE (Not cleaned & Submitted)
     Trojan.Generic.2375996 (virus) C:\WINDOWS\SECURITY\DATABASE\MCONFIG.EXE (Renamed & Submitted)
     Trojan.Generic.2375996 (virus) C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISUSPM .EXE (Renamed & Submitted)
     Trojan.Generic.2375996 (virus) C:\PROGRAM FILES\AVG\AVG8\AVGTRAY .EXE (Renamed & Submitted)
     Trojan.Generic.2375996 (virus) C:\PROGRAM FILES\ADOBE\ACROTRAY .EXE (Renamed & Submitted)
     Trojan.Generic.1469331 (virus) C:\DOCUMENTS AND SETTINGS\GARY MCCLELLAN\MY DOCUMENTS\DOWNLOADS\PACSTEAMT-271207.EXE (Renamed & Submitted)
     Trojan.Generic.1625648 (virus) C:\DOCUMENTS AND SETTINGS\GARY MCCLELLAN\MY DOCUMENTS\DOWNLOADS\YOU BRUTE 2.0.EXE (Renamed & Submitted)
     Trojan.Generic.1465703 (virus) C:\DOCUMENTS AND SETTINGS\GARY MCCLELLAN\DESKTOP\MARIO64 MOVIE MAKER.EXE (Not cleaned)
     --------------------------------------------------------------------------------
     Statistics
     Scanned: Files: 87195 System: 4404 Not scanned: 7
     Actions: Disinfected: 4 Renamed: 6 Deleted: 0 Not cleaned: 2 Submitted: 7
     Files not scanned:
     C:\PAGEFILE.SYS
     C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
     C:\WINDOWS\SYSTEM32\CONFIG\SAM
     C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
     C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
     C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
     C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DESKTOP.INI
     --------------------------------------------------------------------------------
     Options
     Scanning engines:
     Scanning options:
     Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
     Use advanced heuristics
     --------------------------------------------------------------------------------
  7. Okay, ran Combofix...here are results: ComboFix 09-09-18.01 - Gary McClellan 09/18/2009 16:49.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.497 [GMT -4:00] Running from: c:\documents and settings\Gary McClellan\Desktop\ComboFix.exe FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9509C.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9509O.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9509P.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9509S.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9609C.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9609O.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9609P.manifest c:\documents and settings\Gary McClellan\Application Data\0200000063dea9c9609S.manifest c:\documents and settings\Gary McClellan\Application Data\Microsoft\~DFK1b522.tmp c:\documents and settings\Gary McClellan\Application Data\Microsoft\~DFK578092.tmp c:\documents and settings\Gary McClellan\Application Data\Microsoft\1eaadjc.dll c:\documents and settings\Gary McClellan\Application Data\Microsoft\bass.dll c:\documents and settings\Gary McClellan\Application Data\Microsoft\kfgresk.dll c:\documents and settings\Gary McClellan\Application Data\Microsoft\mjcriu.dll c:\documents and settings\Gary McClellan\Application Data\Microsoft\peaadje.dll c:\documents and settings\Gary McClellan\Application Data\Microsoft\qwadjb.dll c:\documents and settings\Gary McClellan\Application Data\Microsoft\rsaadjd.dll c:\documents and settings\Gary McClellan\Favorites\Download programs.url c:\documents and settings\Gary 
McClellan\Favorites\Games.url c:\documents and settings\Gary McClellan\Favorites\Translator.url c:\documents and settings\Gary McClellan\Favorites\Videos.url c:\documents and settings\Gary McClellan\Start Menu\Programs\Download programs.url c:\documents and settings\Gary McClellan\Start Menu\Programs\Games.url c:\documents and settings\Gary McClellan\Start Menu\Programs\Translator.url c:\documents and settings\Gary McClellan\Start Menu\Programs\Videos.url c:\documents and settings\Gary McClellan\yttwas.exe c:\program files\INSTALL.LOG c:\program files\VisualTool c:\program files\VisualTool\pcre3.dll c:\program files\VisualTool\uninstall.exe c:\temp\DIV55 c:\temp\DIV55\xDb.log c:\temp\tn3 c:\windows\Config\mconfig.exe c:\windows\Installer\2ea8f33.msi c:\windows\Installer\2ea8f34.msp c:\windows\Installer\2ea8f35.msp c:\windows\Installer\2ea8f36.msp c:\windows\Installer\2ea8f37.msp c:\windows\Installer\2ea8f38.msp c:\windows\Installer\2ea8f39.msp c:\windows\Installer\2ea8f3a.msp c:\windows\Installer\2ea8f3b.msp c:\windows\Installer\2ea8f3c.msp c:\windows\system32\0Gruf.vbs c:\windows\system32\1310232.dll c:\windows\system32\2phiIAD.vbs c:\windows\system32\C c:\windows\system32\CM2n9.vbs c:\windows\system32\ctfmon .exe c:\windows\system32\dxkgm.exe c:\windows\system32\GSAM0gl.vbs c:\windows\system32\HsqToTN.vbs c:\windows\system32\hxogqidv.ini c:\windows\system32\IN c:\windows\system32\ki3 c:\windows\system32\msCFW.vbs c:\windows\system32\uXPi02 c:\windows\TEMP\logishrd\LVPrcInj01.dll Infected copy of c:\windows\system32\lsass.exe was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\lsass.exe Infected copy of c:\windows\system32\services.exe was found and disinfected Restored copy from - c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe c:\windows\system32\spoolsv.exe . . . is infected!! . . .Failed to restore. 
Attempting to replace on reboot Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\spoolsv.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FAD ((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 ))))))))))))))))))))))))))))))) . 2009-09-18 20:54 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2009-09-18 19:34 . 2009-09-18 19:34 -------- d-----w- c:\windows\{D9FAE986-A4C1-4A2D-8B20-60F92F4222AD} 2009-09-18 17:30 . 2009-09-18 17:30 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Malwarebytes 2009-09-18 17:30 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-18 17:30 . 2009-09-18 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-18 17:30 . 2009-09-18 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-18 17:30 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-18 16:11 . 2008-04-14 00:12 14336 ----a-w- c:\windows\system32\svchost.exe 2009-09-18 16:11 . 2008-04-14 00:12 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe 2009-09-16 19:44 . 2009-09-16 19:44 -------- d-----w- c:\program files\Trend Micro 2009-09-12 23:03 . 2009-09-12 23:03 -------- d-----w- c:\documents and settings\Administrator.GARY\Application Data\Simply Super Software 2009-09-12 23:01 . 2009-09-12 23:01 -------- d-----w- c:\documents and settings\Administrator.GARY\Local Settings\Application Data\Mozilla 2009-09-12 22:34 . 
2009-09-12 23:04 100536 ----a-w- c:\documents and settings\Administrator.GARY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-12 22:34 . 2006-11-30 21:31 -------- d--h--w- c:\documents and settings\Administrator.GARY\Application Data\Gtek 2009-09-12 22:34 . 2006-11-30 21:29 -------- d-----w- c:\documents and settings\Administrator.GARY\Application Data\InstallShield 2009-09-12 21:28 . 2009-07-28 20:09 55552 ----a-w- c:\windows\system32\drivers\tdifw_drv.sys 2009-09-12 18:30 . 2009-09-12 18:30 -------- d-----w- c:\program files\Screaming Bee LLC 2009-09-12 17:17 . 2009-09-12 17:17 -------- d-----w- c:\documents and settings\Gary McClellan\Local Settings\Application Data\IsolatedStorage 2009-09-12 17:09 . 2009-09-12 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee 2009-09-11 00:00 . 2009-09-11 00:00 41872 ----a-w- c:\windows\system32\xfcodec.dll 2009-09-07 05:28 . 2009-09-07 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment 2009-09-07 03:00 . 2009-09-12 17:10 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Screaming Bee 2009-09-07 02:57 . 2009-09-12 17:25 -------- d-----w- c:\program files\Screaming Bee 2009-08-31 15:10 . 2009-08-31 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2009-08-31 15:10 . 2009-08-31 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-30 23:57 . 2009-09-07 17:21 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\uTorrent 2009-08-30 23:24 . 2009-07-03 16:24 -------- d-----w- c:\documents and settings\Gary McClellan\Dolphin 2009-08-30 15:28 . 2009-08-30 15:29 -------- dc----w- C:\PacSteamT 2009-08-30 15:28 . 2009-08-30 15:28 -------- d-----w- c:\program files\Common Files\Thraex Software 2009-08-30 04:04 . 2009-08-30 14:30 -------- d-----w- c:\program files\FreeMind 2009-08-27 11:47 . 
2009-08-27 11:47 5679 ----a-w- c:\windows\unins000.dat 2009-08-27 11:47 . 2009-08-27 11:47 685849 ----a-w- c:\windows\unins000.exe 2009-08-25 02:57 . 2009-08-25 02:57 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Artweaver 2009-08-25 02:56 . 2009-08-27 11:47 -------- d-----w- c:\program files\Artweaver 0.5 2009-08-22 02:38 . 2009-08-22 02:38 -------- dc----w- C:\nDoors 2009-08-22 00:39 . 2009-08-22 00:39 -------- d-----w- c:\documents and settings\Gary McClellan\Local Settings\Application Data\Pinnacle 2009-08-21 13:28 . 2009-09-18 20:22 772224 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-18 20:56 . 2008-09-03 20:31 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2009-09-18 20:56 . 2008-09-03 20:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2009-09-18 20:54 . 2009-02-15 16:27 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\DNA 2009-09-18 20:33 . 2008-12-20 14:47 -------- d-----w- c:\program files\VSTplugins 2009-09-18 20:33 . 2009-06-09 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2009-09-18 20:29 . 2009-06-02 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2009-09-18 20:29 . 2009-06-02 23:10 -------- d-----w- c:\program files\Electronic Arts 2009-09-18 20:24 . 2009-05-24 12:48 -------- d-----w- c:\program files\Steam 2009-09-18 20:24 . 2009-02-15 16:27 -------- d-----w- c:\program files\DNA 2009-09-18 19:48 . 2007-01-07 22:59 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-18 19:47 . 2006-12-27 19:42 -------- d-----w- c:\program files\Belkin 2009-09-18 16:12 . 2009-02-06 23:36 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Hamachi 2009-09-16 20:13 . 
2007-08-26 16:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-16 20:12 . 2006-11-30 21:27 -------- d-----w- c:\program files\Google 2009-09-16 19:43 . 2008-03-08 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-16 19:14 . 2008-04-21 16:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-09-16 14:34 . 2008-05-06 01:29 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-09-12 18:28 . 2007-07-15 00:18 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Xfire 2009-09-10 07:10 . 2008-05-14 11:15 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-07 17:22 . 2009-07-26 06:25 -------- d-----w- c:\program files\PCPitstop 2009-09-07 17:21 . 2008-03-08 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop 2009-09-07 13:47 . 2008-06-17 01:30 -------- d-----w- c:\program files\World of Warcraft 2009-09-07 04:10 . 2007-01-03 13:38 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-08-31 20:21 . 2009-03-06 21:15 -------- d-----w- c:\program files\Norton Security Scan 2009-08-31 15:10 . 2006-11-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-08-30 14:42 . 2008-10-03 19:14 -------- d-----w- c:\program files\ZD Soft 2009-08-30 14:31 . 2007-06-19 19:43 -------- d-----w- c:\program files\Pivot Stickfigure Animator 2009-08-30 14:29 . 2009-07-30 09:36 -------- d-----w- c:\program files\Autodesk 2009-08-30 04:59 . 2006-12-25 16:11 100536 ----a-w- c:\documents and settings\Gary McClellan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-22 02:20 . 2009-01-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2009-08-21 22:46 . 2009-02-22 20:23 -------- d-----w- c:\program files\Microsoft Games 2009-08-19 20:46 . 
2009-08-19 20:19 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\TeamViewer 2009-08-19 20:19 . 2009-08-19 20:19 -------- d-----w- c:\program files\TeamViewer 2009-08-19 03:09 . 2007-06-15 01:18 2984 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-08-19 03:08 . 2007-06-15 01:18 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Corel 2009-08-19 03:08 . 2007-06-15 01:18 88 --sh--r- c:\windows\system32\5E231424C1.sys 2009-08-18 15:21 . 2008-12-26 06:20 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\WeGame 2009-08-18 12:11 . 2008-12-26 06:19 -------- d-----w- c:\program files\WeGame 2009-08-16 03:04 . 2007-10-05 21:24 -------- d-----w- c:\program files\7-Zip 2009-08-15 03:13 . 2009-08-15 03:13 -------- d-----w- c:\program files\Magic Bullet Editors 2.0 Vegas 2009-08-15 03:09 . 2009-08-15 03:09 -------- d-----w- c:\program files\Pixelan 2009-08-13 01:08 . 2009-08-13 01:07 -------- d-----w- c:\program files\Hamachi 2009-08-13 01:07 . 2009-02-06 23:35 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-08-12 04:08 . 2009-08-11 23:25 -------- d-----w- c:\program files\Postal2STP 2009-08-11 08:14 . 2007-10-05 21:47 -------- d-----w- c:\program files\Paint.NET 2009-08-09 10:23 . 2008-12-20 14:46 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Sony 2009-08-09 09:57 . 2007-11-27 23:36 -------- d-----w- c:\program files\Sony 2009-08-06 08:49 . 2008-08-28 00:24 34 -c--a-w- c:\documents and settings\Gary McClellan\jagex_runescape_preferences.dat 2009-08-06 00:16 . 2009-08-04 03:16 -------- d-----w- c:\program files\Jnes 2009-08-05 09:01 . 2004-08-10 17:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 02:15 . 2009-08-05 02:15 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-08-04 21:05 . 2007-05-10 19:36 -------- d-----w- c:\program files\Rockstar Games 2009-08-04 06:10 . 
2009-08-04 06:08 -------- d-----w- c:\program files\GTA BioHazard Alert REMAKE 2009-08-02 09:17 . 2009-07-30 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-07-30 10:10 . 2009-07-30 10:10 -------- d-----w- c:\program files\OSA Kit Pro Player v4.0 2009-07-30 09:47 . 2009-07-30 09:47 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Autodesk 2009-07-30 09:47 . 2009-07-30 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-07-30 09:19 . 2008-12-16 22:14 -------- d-----w- c:\documents and settings\Gary McClellan\Application Data\Download Manager 2009-07-30 08:58 . 2009-07-22 09:29 -------- d-----w- c:\program files\Turbine 2009-07-30 08:57 . 2006-11-30 21:22 -------- d-----w- c:\program files\Common Files\AOL 2009-07-30 08:38 . 2009-07-30 08:38 -------- d-----w- c:\program files\Blockland 2009-07-26 06:00 . 2009-07-25 07:55 -------- d-----w- c:\program files\Twisted Pixel 2009-07-22 09:29 . 2009-07-22 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Turbine 2009-07-17 19:01 . 2004-08-10 17:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-10 17:51 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-29 16:12 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2004-08-10 17:51 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2004-08-10 17:51 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2004-08-10 17:51 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2004-08-10 17:51 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:25 . 2004-08-10 17:51 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 
2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2004-08-10 17:51 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-21 12:46 . 2008-12-13 15:56 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2008-09-07 16:57 . 2008-09-07 16:57 0 -c--a-w- c:\program files\temp01 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\steam\steam.exe" [2008-12-22 1410296] "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-18 306088] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "SightSpeed"="c:\program files\SightSpeed\SightSpeed.exe" [2008-10-09 4789048] "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2009-03-19 5395288] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-15 342848] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-22 185896] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-17 213936] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-17 213936] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "Turbine Download Manager Tray Icon"="c:\program files\Turbine\Turbine 
Download Manager - Lamannia\TurbineDownloadManagerIcon.exe" [2009-07-02 472568] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] c:\documents and settings\Gary McClellan\Start Menu\Programs\Startup\ SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2006-11-3 1585152] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\0autocheck autochk *\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "c:\\Program Files\\Windows 
Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineMessageService.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineNetworkService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9420:TCP"= 9420:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "2192:TCP"= 2192:TCP:Akamai NetSession Interface "2920:TCP"= 2920:TCP:Akamai NetSession Interface "2166:TCP"= 2166:TCP:Akamai NetSession Interface "2228:TCP"= 2228:TCP:Akamai NetSession Interface "1055:TCP"= 1055:TCP:Akamai NetSession Interface "1195:TCP"= 1195:TCP:Akamai NetSession Interface "4305:TCP"= 4305:TCP:Akamai NetSession Interface "2685:TCP"= 2685:TCP:Akamai NetSession Interface "2712:TCP"= 2712:TCP:Akamai NetSession Interface "1066:TCP"= 1066:TCP:Akamai NetSession Interface "1050:TCP"= 1050:TCP:Akamai NetSession Interface "1250:TCP"= 1250:TCP:Akamai NetSession Interface "1059:TCP"= 1059:TCP:Akamai NetSession Interface "1072:TCP"= 1072:TCP:Akamai NetSession Interface "4237:TCP"= 4237:TCP:Akamai NetSession Interface "1041:TCP"= 1041:TCP:Akamai NetSession Interface "2119:TCP"= 2119:TCP:Akamai NetSession Interface "2178:TCP"= 2178:TCP:Akamai NetSession Interface "1039:TCP"= 1039:TCP:Akamai NetSession Interface "1054:TCP"= 1054:TCP:Akamai NetSession Interface "1058:TCP"= 1058:TCP:Akamai NetSession Interface "58204:TCP"= 58204:TCP:Pando Media Booster "58204:UDP"= 58204:UDP:Pando Media Booster "56425:TCP"= 56425:TCP:Pando Media Booster "56425:UDP"= 56425:UDP:Pando Media Booster "56139:TCP"= 56139:TCP:Pando Media Booster "56139:UDP"= 56139:UDP:Pando Media Booster R1 i2ompp;i2ompp; [x] R3 NUVision;Pinnacle DVC 80 
Video;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-12-03 155264] R3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe [2009-07-02 218608] R3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys [x] R3 XDva224;XDva224;c:\windows\system32\XDva224.sys [x] R3 XDva259;XDva259;c:\windows\system32\XDva259.sys [x] S1 tdifw_drv;tdifw_drv;c:\windows\system32\drivers\tdifw_drv.sys [2009-07-28 55552] S2 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe [2009-07-02 267760] S2 smp_lpt;smp_lpt; [x] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCYYYYYYYYUS&fl=0&ptb=_ySSowJDMR907PyRuL7Nww&url=http://www.ask.com/web&q={searchTerms}&l=zc&o=sb uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130 uSearch Bar = hxxp://www.google.com/ie mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxps://secure.gopetslive.com/dev/gopets.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\documents and settings\Gary McClellan\Application Data\Mozilla\Firefox\Profiles\ut1xz86i.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=8s.kdY1CCugk0kyNmOrypg&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor= FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll FF - plugin: c:\documents and settings\Gary McClellan\Application Data\Mozilla\Firefox\Profiles\ut1xz86i.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF - plugin: 
c:\program files\Mozilla Firefox\plugins\npmeadax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\OSA Kit Pro Player v4.0\npmeadax.dll FF - plugin: c:\program files\Picasa2\npPicasa2.dll FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe HKLM-Run-CamMonitor - c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe Notify-6caa2c24609 - c:\windows\System32\dmband32.dll AddRemove-eooiqcc - c:\documents and settings\gary mcclellan\local settings\application data\eooiqcc.exe AddRemove-HappyQuickPop - c:\program files\HappyQuickPop\uninstall.exe AddRemove-MTA:SA DM - c:\documents and settings\Gary McClellan\Desktop\Uninstall.exe AddRemove-Sanny Builder 3_is1 - c:\program files\Rockstar Games\GTA San Andreas\Sanny Builder 3\unins000.exe AddRemove-VisualTool - c:\program files\VisualTool\uninstall.exe AddRemove-Xfire - c:\program files\Xfire\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-18 16:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-4280196803-2235853438-1908108701-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{557F4F3E-E86E-5A68-2E41-30E77409F851}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iakeggkcejpblidibh"=hex:63,62,62,6a,64,63,67,6b,64,6f,70,68,6c,65,64,61,64,69, 66,6a,6d,69,69,64,6e,70,61,6f,62,6e,6f,65,63,70,61,62,6e,68,00,00 "haeemglhepmkfejk"=hex:63,62,62,6a,64,63,67,6b,64,6f,70,68,6c,65,6d,61,62,6d, 69,6b,67,67,69,6a,66,66,62,61,70,63,66,6d,62,62,67,6d,6b,70,00,00 [HKEY_USERS\S-1-5-21-4280196803-2235853438-1908108701-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C95276F5-BAD5-8CB9-128C-68B6DBC94772}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oannpgooelpmfoddlehdbakhdeleci"=hex:63,61,6b,70,69,63,00,7c [HKEY_USERS\S-1-5-21-4280196803-2235853438-1908108701-1007\Software\SecuROM\License information*] "datasecu"=hex:eb,e9,56,5d,ce,a6,42,43,98,50,39,87,b6,bd,20,84,0d,7e,10,76,e2, e3,b3,45,88,f8,d5,4a,42,0f,8f,73,48,e9,b5,aa,2a,02,c0,9f,97,98,e8,56,75,36,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5d,3a,41,d1,37, a0,28,c6,c8,28,51,af,b0,29,a3,98,64,8c,f2,e5,fb,75,4f,44,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,72,16,dd,61,ca, 0c,62,cb,71,3b,04,66,8b,46,0d,96,cf,2a,28,c1,b7,ee,9a,2d,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" 
@="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,3c,aa,fc,49,45, f7,34,e7,25,da,ec,7e,55,20,c9,26,c5,38,62,b5,75,9e,38,37,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a0,bb,22,99,4d, ed,8b,20,3e,1e,9e,e0,57,5a,93,61,c5,0d,15,3d,cf,fe,39,a4,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fe,ce,74,a6,fc, e5,21,1a,cd,44,cd,b9,a6,33,6c,cd,c0,de,3a,37,77,89,0e,b1,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,f1,c8,71,db,18, 9b,0f,48,b0,18,ed,a7,3f,8d,37,a4,83,4a,05,17,5e,fc,04,eb,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,12,30,f4,06,ca, a0,11,28,31,77,e1,ba,b1,f8,68,02,83,b3,2d,7d,e1,e3,04,30,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,a2,e5,4d,1f,dd, 44,a8,d3,83,6c,56,8b,a0,85,96,ab,da,10,39,54,6e,e9,1c,37,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" 
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,df,02,85,15,4d, 18,28,d7,51,fa,6e,91,28,9e,14,cc,78,c2,a8,cd,9e,d1,85,62,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,d7,5c,5f,d5,50, 45,9c,3e,b1,cd,45,5a,a8,c4,f8,b9,84,32,1c,58,5d,3e,0f,d3,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,72,91,d0,cf,e5, 99,85,66,e3,0e,66,d5,eb,bc,2f,6b,27,64,89,ed,5a,b4,e0,b5,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3c,50,ad,41,cc, 6e,bc,81,fa,ea,66,7f,d4,3b,6b,70,2b,60,6a,39,b5,0a,8f,b5,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\System\ControlSet006\Enum\HID\Vid_045e&Pid_0040\6&25ef4129&0&0000\LogConf] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\System\ControlSet006\Enum\HID\Vid_045e&Pid_0040\6&38a8f1ce&0&0000\LogConf] @DACL=(02 0000) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3208) c:\windows\system32\WININET.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\windows\system32\cscript.exe
.
**************************************************************************
.
Completion time: 2009-09-18 17:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 21:05
Pre-Run: 9,580,085,248 bytes free
Post-Run: 9,485,389,824 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=6 Default=6 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
473 --- E O F --- 2009-09-10 07:04

Here are the results of the Hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:15 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
C:\Program Files\SightSpeed\SightSpeed.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe"
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Turbine Message Service - PublicPreview (PublicPreviewTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
O23 - Service: Turbine Network Service - PublicPreview (PublicPreviewTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://img.gamespot.com/gamespot/shared/gs...p_gameguide.gif

--
End of file - 9137 bytes
  8. Whew! I had to run to Belkin and get a new installation disk for the network adapter, but I am now on my grandson's computer. I can't tell you how thankful I am for your help! Should I now complete the earlier instructions by downloading ComboFix?
  9. I did have to restart. Was Malware Removal supposed to come back on? Also, I can't get online yet, so I'm having to save everything to a CD...his computer won't recognize my flash drive. Will it be a problem for me to get ComboFix on his computer that way? These are the results of the scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

9/18/2009 1:48:50 PM
mbam-log-2009-09-18 (13-48-50).txt

Scan type: Quick Scan
Objects scanned: 104857
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 57
Registry Values Infected: 5
Registry Data Items Infected: 6
Folders Infected: 7
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Contraviro\shellext.dll (Rogue.ContraVirus) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ba603215-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{08eec6ad-7486-487f-89b7-5a3716ddae14} (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\happyquickpop.happyquickpop (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{978ce5fe-bdaa-c777-3ec5-184fc4b6b5f0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c8dfb56-4c9c-1183-10d7-ea4b99844dae} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d644bbd-0ff3-b0ee-b876-72fb72c7ae6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8d644bbd-0ff3-b0ee-b876-72fb72c7ae6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\happyquickpop.happyquickpop.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieaddon.statusbarpane (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieaddon.statusbarpane.1 (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5b184b9d-b7bd-4fea-8d1f-5e27182206a5} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{c0e56ac2-9f72-436e-b6e7-aec28af9e4eb} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ccb5551d-8594-4999-85f9-1e3eabcb95ac} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3ed0e410-5c8e-47b6-a75d-d10b886e903c} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccb5551d-8594-4999-85f9-1e3eabcb95ac} (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6caa2c25-c600-868f-e29e-805a7feb18e4} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\HappyQuickPop.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\IEAddon.dll (Rogue.UnVirex) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antiVirus_contextscan (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HappyQuickPop (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Contraviro (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreaxs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ba603215-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\uvgiynahccyyn (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\Contraviro\Contraviro.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Gary McClellan\yttwas.exe \s) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Contraviro (Rogue.ContraVirus) -> Delete on reboot.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\HappyQuickPop (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary McClellan\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ygsuhdf83id.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Program Files\Contraviro\shellext.dll (Rogue.ContraVirus) -> Delete on reboot.
C:\Program Files\AVG\AVG8\avgtray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\HappyQuickPop\HappyQuickPop.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4280196803-2235853438-1908108701-1007\Dc1.exe (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4280196803-2235853438-1908108701-1007\Dc4.dll (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-4280196803-2235853438-1908108701-1007\Dc9.dll (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphca3nj0elan .exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphca3nj0elan.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgc91nj0elan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shocxw.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary McClellan\stsystra .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary McClellan\stsystra.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\AF.dll (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\guide.chm (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\tdifw_drv_WLH.sys (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\Program Files\Contraviro\tdifw_drv_WXP.sys (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\HappyQuickPop\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary McClellan\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\1.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\3.video.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\4.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\5.unpack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\6.limepro.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\7.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemService32\2D.tmp (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdisp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary McClellan\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary McClellan\Application Data\Microsoft\Internet Explorer\Quick Launch\Contraviro.lnk (Rogue.ContraVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

I also might mention that I had tried to manually remove Contraviro, and I haven't emptied the trash yet. I'll wait for further instructions from you.
  10. Well, when I closed the error message box, Malwarebytes loaded, so I've clicked to scan and it's working so far. If there are no more problems, I'll complete your instructions.
  11. Okay, I didn't get past the first part, unfortunately. I got this error: An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team. ERROR CODE 732 (0, 0)
  12. I apologize for this taking so long. I thought I had subscribed to the thread, but had not. This is my Hijackthis file after running the command.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:18 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\Gary McClellan\yttwas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\program files\steam\steam.exe
C:\Program Files\SightSpeed\SightSpeed.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Gary McClellan\yttwas.exe \s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\ygsuhdf83id.dll - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\ygsuhdf83id.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\contraviro\siglsp.dll' missing
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\dmband32.dll
O20 - Winlogon Notify: 6caa2c24609 - C:\WINDOWS\System32\dmband32.dll (file missing)
O21 - SSODL: uVGIyNAHCcYYn - {6CAA2C25-C600-868F-E29E-805A7FEB18E4} - C:\WINDOWS\system32\shocxw.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: ksfe98wjkodsngiwiojndg873hundggdd - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\ygsuhdf83id.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Turbine Message Service - PublicPreview (PublicPreviewTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
O23 - Service: Turbine Network Service - PublicPreview (PublicPreviewTurbineNetworkService) - Turbine, Inc.
- C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O24 - Desktop Component 0: (no name) - http://img.gamespot.com/gamespot/shared/gs...p_gameguide.gif -- End of file - 10093 bytes
  13. Thanks again for your help. This one has me stumped. Here are the results:

-c----w 14,336 2004-08-04 10:00:00 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
-c----w 14,336 2008-04-14 00:12:36 C:\WINDOWS\ServicePackFiles\i386\svchost.exe

Entries: 2 (2) Directories: 0 Files: 2 Bytes: 28,672 Blocks: 56
  14. I'm trying to get my grandson's computer running, and it's a mess. I can't get online, can't use System Restore, can't use the Registry Editor, and now it seems I can't get Malwarebytes to load due to Vbalgrid from vbalgrid6.ocx, and I can't look for that file because Search doesn't seem to be working either. Any help getting this machine clean will be greatly appreciated. His machine is a Dell and he's running XP SP3. I was able to download HijackThis onto my flash drive and get this copy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:23 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineDownloadManagerIcon.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\security\Database\mconfig.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SightSpeed\SightSpeed.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061130
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Gary McClellan\yttwas.exe \s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\ygsuhdf83id.dll - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\ygsuhdf83id.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [sightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [steam] "c:\program files\steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [sightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (User '?')
O4 - HKUS\S-1-5-21-4280196803-2235853438-1908108701-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-21-4280196803-2235853438-1908108701-1007 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User '?')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\contraviro\siglsp.dll' missing
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\WINDOWS\System32\dmband32.dll
O20 - Winlogon Notify: 6caa2c24609 - C:\WINDOWS\System32\dmband32.dll (file missing)
O21 - SSODL: uVGIyNAHCcYYn - {6CAA2C25-C600-868F-E29E-805A7FEB18E4} - C:\WINDOWS\system32\shocxw.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: ksfe98wjkodsngiwiojndg873hundggdd - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\ygsuhdf83id.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Cryptographic Services (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wired AutoConfig (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Extensible Authentication Protocol Service (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Health Key and Certificate Management Service (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation (LanmanWorkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Network Access Protection Agent (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Turbine Message Service - PublicPreview (PublicPreviewTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
O23 - Service: Turbine Network Service - PublicPreview (PublicPreviewTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: User Privilege Service (usprserv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Time (w32time) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Zero Configuration (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
O24 - Desktop Component 0: (no name) - http://img.gamespot.com/gamespot/shared/gs...p_gameguide.gif

--
End of file - 16947 bytes