Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

Help Computer Slow Making Sounds Like Something Is Running
lsehbruce
post Aug 19 2007, 09:15 PM
Post #1


Authentic Member

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



Here is my log ....Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 11:13:17 PM, on 8/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Fonts\aolupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\asemfgnk.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\Run: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4 - HKLM\..\Run: [zdlw] C:\WINDOWS\System32\zdlw.exe
O4 - HKLM\..\Run: [sfoaxij] C:\WINDOWS\System32\sfoaxij.exe
O4 - HKLM\..\Run: [dcclfaojzrsq] C:\WINDOWS\System32\dcclfaojzrsq.exe
O4 - HKLM\..\Run: [lnevkxbrnhu] C:\WINDOWS\System32\lnevkxbrnhu.exe
O4 - HKLM\..\Run: [asemfgnk] C:\WINDOWS\System32\asemfgnk.exe
O4 - HKLM\..\Run: [dkszmhe] C:\WINDOWS\System32\dkszmhe.exe
O4 - HKLM\..\Run: [fewtpsbbkhi] C:\WINDOWS\System32\fewtpsbbkhi.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\System32\s.exe
O4 - HKLM\..\Run: [aqdzafoks] C:\WINDOWS\System32\aqdzafoks.exe
O4 - HKLM\..\Run: [ruhtx] C:\WINDOWS\System32\ruhtx.exe
O4 - HKLM\..\Run: [nzn] C:\WINDOWS\System32\nzn.exe
O4 - HKLM\..\Run: [ifl] C:\WINDOWS\System32\ifl.exe
O4 - HKLM\..\Run: [gspgzkbtlj] C:\WINDOWS\System32\gspgzkbtlj.exe
O4 - HKLM\..\Run: [yns] C:\WINDOWS\System32\yns.exe
O4 - HKLM\..\Run: [zvaocfgiouhs] C:\WINDOWS\System32\zvaocfgiouhs.exe
O4 - HKLM\..\Run: [cswohxzlmkfv] C:\WINDOWS\System32\cswohxzlmkfv.exe
O4 - HKLM\..\Run: [nrwlvus] C:\WINDOWS\System32\nrwlvus.exe
O4 - HKLM\..\Run: [owiaxws] C:\WINDOWS\System32\owiaxws.exe
O4 - HKLM\..\Run: [ywpunsy] C:\WINDOWS\System32\ywpunsy.exe
O4 - HKLM\..\Run: [nwc] C:\WINDOWS\System32\nwc.exe
O4 - HKLM\..\Run: [l] C:\WINDOWS\System32\l.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\RunServices: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\RunServices: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\RunServices: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4 - HKLM\..\RunServices: [zdlw] C:\WINDOWS\System32\zdlw.exe
O4 - HKLM\..\RunServices: [sfoaxij] C:\WINDOWS\System32\sfoaxij.exe
O4 - HKLM\..\RunServices: [dcclfaojzrsq] C:\WINDOWS\System32\dcclfaojzrsq.exe
O4 - HKLM\..\RunServices: [lnevkxbrnhu] C:\WINDOWS\System32\lnevkxbrnhu.exe
O4 - HKLM\..\RunServices: [asemfgnk] C:\WINDOWS\System32\asemfgnk.exe
O4 - HKLM\..\RunServices: [dkszmhe] C:\WINDOWS\System32\dkszmhe.exe
O4 - HKLM\..\RunServices: [fewtpsbbkhi] C:\WINDOWS\System32\fewtpsbbkhi.exe
O4 - HKLM\..\RunServices: [s] C:\WINDOWS\System32\s.exe
O4 - HKLM\..\RunServices: [aqdzafoks] C:\WINDOWS\System32\aqdzafoks.exe
O4 - HKLM\..\RunServices: [ruhtx] C:\WINDOWS\System32\ruhtx.exe
O4 - HKLM\..\RunServices: [nzn] C:\WINDOWS\System32\nzn.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\System32\ifl.exe
O4 - HKLM\..\RunServices: [gspgzkbtlj] C:\WINDOWS\System32\gspgzkbtlj.exe
O4 - HKLM\..\RunServices: [yns] C:\WINDOWS\System32\yns.exe
O4 - HKLM\..\RunServices: [zvaocfgiouhs] C:\WINDOWS\System32\zvaocfgiouhs.exe
O4 - HKLM\..\RunServices: [cswohxzlmkfv] C:\WINDOWS\System32\cswohxzlmkfv.exe
O4 - HKLM\..\RunServices: [nrwlvus] C:\WINDOWS\System32\nrwlvus.exe
O4 - HKLM\..\RunServices: [owiaxws] C:\WINDOWS\System32\owiaxws.exe
O4 - HKLM\..\RunServices: [ywpunsy] C:\WINDOWS\System32\ywpunsy.exe
O4 - HKLM\..\RunServices: [nwc] C:\WINDOWS\System32\nwc.exe
O4 - HKLM\..\RunServices: [l] C:\WINDOWS\System32\l.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUQualityAgent.exe
O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://cube.async.caltech.edu/init.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Smart Update Service (AOL-Updatr) - Unknown owner - C:\WINDOWS\Fonts\aolupd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (mbaiaeyi8yrk6ta) - Unknown owner - C:\WINDOWS\System32\nwc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

random/random
post Aug 28 2007, 03:34 AM
Post #2


Silver Member

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



I see you never installed Service Pack 2 after being helped here: http://forums.whatthetech.com/Could_Take_L...ase_t79921.html - that's why you got infected again so quickly, and with similar infections (but more of them this time).

Note: Please do not attempt to install Service Pack 2 yet; with the amount of malware present on your system, the installation is likely to go wrong.

Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible, since it would be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL the problems this malware has already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
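As an added example (not code from this thread, from HijackThis, or from the helper), here is a small Python triage script for the two patterns random/random is reacting to in the log above: the same randomly named System32 executables registered under both HKLM\..\Run and HKLM\..\RunServices, and O23 services with no vendor string whose binary lives in a Windows system folder. The sample lines are copied from the HijackThis logs in this thread plus a few benign entries; the heuristics, the regular expressions and the rule that nothing on Windows XP legitimately populates RunServices (a Windows 9x key) are my assumptions, not HijackThis's own logic.

```python
"""Triage HijackThis O4/O23 lines for the patterns seen in this thread.

Added example, not HijackThis code. The heuristics are assumptions:
  * HKLM\..\RunServices is only honoured by Windows 9x; on NT/2000/XP
    nothing legitimate writes there, so entries under it are a red flag.
  * A Run value whose name equals a short, all-lowercase file name in
    System32 (sawubpfpkns, i, nwc, ...) matches the random-name pattern.
  * An O23 service with "Unknown owner" running from a Windows system
    folder (System32, Fonts, the Windows root) deserves a second look.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the logs in this thread plus benign entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\Run: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\RunServices: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\RunServices: [i] C:\WINDOWS\System32\i.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: AOL Smart Update Service (AOL-Updatr) - Unknown owner - C:\WINDOWS\Fonts\aolupd.exe
O23 - Service: Print Spooler Service (mbaiaeyi8yrk6ta) - Unknown owner - C:\WINDOWS\System32\nwc.exe
O23 - Service: Windows Kernel Service - Unknown owner - C:\WINDOWS\System32\wkservice.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunServices|RunOnce|RunOnceEx): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^()]+)\))? - '
                    r'(?P<owner>.*?) - (?P<path>.*)$')
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.exe)(?=["\s]|$)', re.I)
RANDOM_STEM = re.compile(r'^[a-z]{1,12}$')       # e.g. sawubpfpkns, i, nwc
SYSTEM_DIRS = {r'c:\windows', r'c:\windows\system32', r'c:\windows\fonts'}


def exe_from_cmd(cmd):
    """Pull the executable path out of a Run value's command line (quoted or not)."""
    m = EXE_RE.match(cmd.strip())
    return m.group('exe') if m else None


def split_path(path):
    """Return (folder, basename, stem), all lower-cased."""
    folder, _, base = path.strip().rpartition('\\')
    stem = base.rsplit('.', 1)[0]
    return folder.lower(), base.lower(), stem.lower()


def triage(log_text):
    """Return [(log_line, reason)] for every O4/O23 line that trips a heuristic."""
    findings = []
    launchers = defaultdict(set)   # lower-cased exe path -> {(hive, key), ...}
    o4_lines = []
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        m = O4_RE.match(line)
        if m:
            exe = exe_from_cmd(m.group('cmd'))
            if exe:   # .lnk startup entries and odd commands are skipped
                launchers[exe.lower()].add((m.group('hive'), m.group('key')))
                o4_lines.append((line, m.group('name'), exe))
            continue
        m = O23_RE.match(line)
        if m:
            folder, _, _ = split_path(m.group('path'))
            if m.group('owner') == 'Unknown owner' and folder in SYSTEM_DIRS:
                findings.append((line, 'service with no vendor string running from a Windows system folder'))
    # second pass, so a Run entry knows whether the same file is also in RunServices
    for line, name, exe in o4_lines:
        folder, _, stem = split_path(exe)
        reasons = []
        if ('HKLM', 'RunServices') in launchers[exe.lower()]:
            reasons.append('file is registered under RunServices, a Windows 9x key that XP never uses')
        if folder == r'c:\windows\system32' and name.lower() == stem and RANDOM_STEM.match(stem):
            reasons.append('value name equals a random-looking lowercase file name in System32')
        if reasons:
            findings.append((line, '; '.join(reasons)))
    return findings


if __name__ == '__main__':
    for line, reason in triage(SAMPLE_LOG):
        print(f'FLAG: {reason}\n      {line}')
```

Run against the sample, the script flags the four Run/RunServices pairs and the three "Unknown owner" services (the same three the helper later stops and deletes with sc), and leaves the HP, QuickTime and Intel hotkey entries alone. The name-matching rule is deliberately narrow: it only fires when the value name is identical to the file stem and both are short lowercase letter strings, which is why a legitimate entry such as [HotKeysCmds] hkcmd.exe does not trip it.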
lsehbruce
post Aug 28 2007, 06:11 AM
Post #3


Authentic Member

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



WOW! I am not very confident on the computer so I would like you to help clean it however we can. Thanks!
random/random
post Aug 28 2007, 12:58 PM
Post #4


Silver Member

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
lsehbruce
post Aug 29 2007, 05:36 AM
Post #5


Authentic Member

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



HI,

I am unable to install the new version of HijackThis; it just says "page cannot be displayed". Can you give me another link? I was using Mozilla but have now also tried Internet Explorer with the same result. Thanks!
random/random
post Aug 29 2007, 09:26 AM
Post #6


Silver Member

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



Try this link: http://downloads.malwareremoval.com/HJTInstall.exe

If that doesn't work, then please just post the SDFix log & a new log from the old version of HijackThis.
lsehbruce
post Aug 30 2007, 06:23 AM
Post #7


Authentic Member

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



New problem... when I put my computer in Safe Mode, it automatically reboots itself in regular mode before I can choose the user... help!

Thanks!
random/random
post Aug 30 2007, 06:24 AM
Post #8


Silver Member

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



Post the new HijackThis log & then we'll have to start cleaning up the infection manually.
lsehbruce
post Aug 30 2007, 06:27 AM
Post #9


Authentic Member

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



Logfile of HijackThis v1.99.1
Scan saved at 8:25:19 AM, on 8/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Fonts\aolupd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wkservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ruhtx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\Run: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4 - HKLM\..\Run: [zdlw] C:\WINDOWS\System32\zdlw.exe
O4 - HKLM\..\Run: [sfoaxij] C:\WINDOWS\System32\sfoaxij.exe
O4 - HKLM\..\Run: [dcclfaojzrsq] C:\WINDOWS\System32\dcclfaojzrsq.exe
O4 - HKLM\..\Run: [lnevkxbrnhu] C:\WINDOWS\System32\lnevkxbrnhu.exe
O4 - HKLM\..\Run: [asemfgnk] C:\WINDOWS\System32\asemfgnk.exe
O4 - HKLM\..\Run: [dkszmhe] C:\WINDOWS\System32\dkszmhe.exe
O4 - HKLM\..\Run: [fewtpsbbkhi] C:\WINDOWS\System32\fewtpsbbkhi.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\System32\s.exe
O4 - HKLM\..\Run: [aqdzafoks] C:\WINDOWS\System32\aqdzafoks.exe
O4 - HKLM\..\Run: [ruhtx] C:\WINDOWS\System32\ruhtx.exe
O4 - HKLM\..\Run: [nzn] C:\WINDOWS\System32\nzn.exe
O4 - HKLM\..\Run: [ifl] C:\WINDOWS\System32\ifl.exe
O4 - HKLM\..\Run: [gspgzkbtlj] C:\WINDOWS\System32\gspgzkbtlj.exe
O4 - HKLM\..\Run: [yns] C:\WINDOWS\System32\yns.exe
O4 - HKLM\..\Run: [zvaocfgiouhs] C:\WINDOWS\System32\zvaocfgiouhs.exe
O4 - HKLM\..\Run: [cswohxzlmkfv] C:\WINDOWS\System32\cswohxzlmkfv.exe
O4 - HKLM\..\Run: [nrwlvus] C:\WINDOWS\System32\nrwlvus.exe
O4 - HKLM\..\Run: [owiaxws] C:\WINDOWS\System32\owiaxws.exe
O4 - HKLM\..\Run: [ywpunsy] C:\WINDOWS\System32\ywpunsy.exe
O4 - HKLM\..\Run: [nwc] C:\WINDOWS\System32\nwc.exe
O4 - HKLM\..\Run: [l] C:\WINDOWS\System32\l.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [gskkmtusw] C:\WINDOWS\System32\gskkmtusw.exe
O4 - HKLM\..\Run: [geujckb] C:\WINDOWS\System32\geujckb.exe
O4 - HKLM\..\RunServices: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\RunServices: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\RunServices: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4 - HKLM\..\RunServices: [zdlw] C:\WINDOWS\System32\zdlw.exe
O4 - HKLM\..\RunServices: [sfoaxij] C:\WINDOWS\System32\sfoaxij.exe
O4 - HKLM\..\RunServices: [dcclfaojzrsq] C:\WINDOWS\System32\dcclfaojzrsq.exe
O4 - HKLM\..\RunServices: [lnevkxbrnhu] C:\WINDOWS\System32\lnevkxbrnhu.exe
O4 - HKLM\..\RunServices: [asemfgnk] C:\WINDOWS\System32\asemfgnk.exe
O4 - HKLM\..\RunServices: [dkszmhe] C:\WINDOWS\System32\dkszmhe.exe
O4 - HKLM\..\RunServices: [fewtpsbbkhi] C:\WINDOWS\System32\fewtpsbbkhi.exe
O4 - HKLM\..\RunServices: [s] C:\WINDOWS\System32\s.exe
O4 - HKLM\..\RunServices: [aqdzafoks] C:\WINDOWS\System32\aqdzafoks.exe
O4 - HKLM\..\RunServices: [ruhtx] C:\WINDOWS\System32\ruhtx.exe
O4 - HKLM\..\RunServices: [nzn] C:\WINDOWS\System32\nzn.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\System32\ifl.exe
O4 - HKLM\..\RunServices: [gspgzkbtlj] C:\WINDOWS\System32\gspgzkbtlj.exe
O4 - HKLM\..\RunServices: [yns] C:\WINDOWS\System32\yns.exe
O4 - HKLM\..\RunServices: [zvaocfgiouhs] C:\WINDOWS\System32\zvaocfgiouhs.exe
O4 - HKLM\..\RunServices: [cswohxzlmkfv] C:\WINDOWS\System32\cswohxzlmkfv.exe
O4 - HKLM\..\RunServices: [nrwlvus] C:\WINDOWS\System32\nrwlvus.exe
O4 - HKLM\..\RunServices: [owiaxws] C:\WINDOWS\System32\owiaxws.exe
O4 - HKLM\..\RunServices: [ywpunsy] C:\WINDOWS\System32\ywpunsy.exe
O4 - HKLM\..\RunServices: [nwc] C:\WINDOWS\System32\nwc.exe
O4 - HKLM\..\RunServices: [l] C:\WINDOWS\System32\l.exe
O4 - HKLM\..\RunServices: [gskkmtusw] C:\WINDOWS\System32\gskkmtusw.exe
O4 - HKLM\..\RunServices: [geujckb] C:\WINDOWS\System32\geujckb.exe
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUQualityAgent.exe
O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://cube.async.caltech.edu/init.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Smart Update Service (AOL-Updatr) - Unknown owner - C:\WINDOWS\Fonts\aolupd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Print Spooler Service (mbaiaeyi8yrk6ta) - Unknown owner - C:\WINDOWS\System32\geujckb.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Kernel Service - Unknown owner - C:\WINDOWS\System32\wkservice.exe

random/random
post Aug 30 2007, 07:11 AM
Post #10


Silver Member

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

QUOTE
sc stop "AOL-Updatr"
sc stop mbaiaeyi8yrk6ta
sc stop "Windows Kernel Service"
sc delete "AOL-Updatr"
sc delete mbaiaeyi8yrk6ta
sc delete "Windows Kernel Service"


Save it to your Desktop as cleanup.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanup.bat

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

QUOTE
@echo off
rem Export the registry keys that hold security settings, policies and service
rem configuration into one numbered .txt file each, for review in a single listing.
cd %systemdrive%\
If not exist lsafiles MkDir lsafiles
regedit /e lsafiles\1.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
regedit /e lsafiles\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE
regedit /e lsafiles\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
regedit /e lsafiles\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
regedit /e lsafiles\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
regedit /a lsafiles\6.txt HKEY_USERS\.DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA
regedit /e lsafiles\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
regedit /e lsafiles\8.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr"
Regedit /e lsafiles\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /e lsafiles\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
Regedit /e lsafiles\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall
Regedit /e lsafiles\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall
regedit /e lsafiles\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
regedit /e lsafiles\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess
regedit /e lsafiles\15.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
regedit /e lsafiles\16.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
regedit /e lsafiles\17.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center"
regedit /e lsafiles\18.txt "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore"
regedit /e lsafiles\19.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\systemrestore"
regedit /e lsafiles\20.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wscsvc
regedit /e lsafiles\21.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TlntSvr
regedit /e lsafiles\22.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
regedit /e lsafiles\23.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
regedit /e lsafiles\24.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
regedit /e lsafiles\26.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter"
regedit /e lsafiles\27.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\ExclusionList"
rem WaitToKillServiceTimeout is read with reg query; its output is plain text, not a .reg export
reg query "hklm\SYSTEM\CurrentControlSet\Control" /v "WaitToKillServiceTimeout" > %systemdrive%\lsafiles\25.txt
rem Join all the exports into one file, remove the working folder and open the result in Notepad
Copy lsafiles\*.txt = %systemdrive%\lsa.txt
rmdir /s /q lsafiles
Notepad %systemdrive%\lsa.txt


Save it to your Desktop as search.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: search.bat

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O4 - HKLM\..\Run: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\Run: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\Run: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4 - HKLM\..\Run: [zdlw] C:\WINDOWS\System32\zdlw.exe
O4 - HKLM\..\Run: [sfoaxij] C:\WINDOWS\System32\sfoaxij.exe
O4 - HKLM\..\Run: [dcclfaojzrsq] C:\WINDOWS\System32\dcclfaojzrsq.exe
O4 - HKLM\..\Run: [lnevkxbrnhu] C:\WINDOWS\System32\lnevkxbrnhu.exe
O4 - HKLM\..\Run: [asemfgnk] C:\WINDOWS\System32\asemfgnk.exe
O4 - HKLM\..\Run: [dkszmhe] C:\WINDOWS\System32\dkszmhe.exe
O4 - HKLM\..\Run: [fewtpsbbkhi] C:\WINDOWS\System32\fewtpsbbkhi.exe
O4 - HKLM\..\Run: [s] C:\WINDOWS\System32\s.exe
O4 - HKLM\..\Run: [aqdzafoks] C:\WINDOWS\System32\aqdzafoks.exe
O4 - HKLM\..\Run: [ruhtx] C:\WINDOWS\System32\ruhtx.exe
O4 - HKLM\..\Run: [nzn] C:\WINDOWS\System32\nzn.exe
O4 - HKLM\..\Run: [ifl] C:\WINDOWS\System32\ifl.exe
O4 - HKLM\..\Run: [gspgzkbtlj] C:\WINDOWS\System32\gspgzkbtlj.exe
O4 - HKLM\..\Run: [yns] C:\WINDOWS\System32\yns.exe
O4 - HKLM\..\Run: [zvaocfgiouhs] C:\WINDOWS\System32\zvaocfgiouhs.exe
O4 - HKLM\..\Run: [cswohxzlmkfv] C:\WINDOWS\System32\cswohxzlmkfv.exe
O4 - HKLM\..\Run: [nrwlvus] C:\WINDOWS\System32\nrwlvus.exe
O4 - HKLM\..\Run: [owiaxws] C:\WINDOWS\System32\owiaxws.exe
O4 - HKLM\..\Run: [ywpunsy] C:\WINDOWS\System32\ywpunsy.exe
O4 - HKLM\..\Run: [nwc] C:\WINDOWS\System32\nwc.exe
O4 - HKLM\..\Run: [l] C:\WINDOWS\System32\l.exe
O4 - HKLM\..\Run: [gskkmtusw] C:\WINDOWS\System32\gskkmtusw.exe
O4 - HKLM\..\Run: [geujckb] C:\WINDOWS\System32\geujckb.exe
O4 - HKLM\..\RunServices: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe
O4 - HKLM\..\RunServices: [i] C:\WINDOWS\System32\i.exe
O4 - HKLM\..\RunServices: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4 - HKLM\..\RunServices: [zdlw] C:\WINDOWS\System32\zdlw.exe
O4 - HKLM\..\RunServices: [sfoaxij] C:\WINDOWS\System32\sfoaxij.exe
O4 - HKLM\..\RunServices: [dcclfaojzrsq] C:\WINDOWS\System32\dcclfaojzrsq.exe
O4 - HKLM\..\RunServices: [lnevkxbrnhu] C:\WINDOWS\System32\lnevkxbrnhu.exe
O4 - HKLM\..\RunServices: [asemfgnk] C:\WINDOWS\System32\asemfgnk.exe
O4 - HKLM\..\RunServices: [dkszmhe] C:\WINDOWS\System32\dkszmhe.exe
O4 - HKLM\..\RunServices: [fewtpsbbkhi] C:\WINDOWS\System32\fewtpsbbkhi.exe
O4 - HKLM\..\RunServices: [s] C:\WINDOWS\System32\s.exe
O4 - HKLM\..\RunServices: [aqdzafoks] C:\WINDOWS\System32\aqdzafoks.exe
O4 - HKLM\..\RunServices: [ruhtx] C:\WINDOWS\System32\ruhtx.exe
O4 - HKLM\..\RunServices: [nzn] C:\WINDOWS\System32\nzn.exe
O4 - HKLM\..\RunServices: [ifl] C:\WINDOWS\System32\ifl.exe
O4 - HKLM\..\RunServices: [gspgzkbtlj] C:\WINDOWS\System32\gspgzkbtlj.exe
O4 - HKLM\..\RunServices: [yns] C:\WINDOWS\System32\yns.exe
O4 - HKLM\..\RunServices: [zvaocfgiouhs] C:\WINDOWS\System32\zvaocfgiouhs.exe
O4 - HKLM\..\RunServices: [cswohxzlmkfv] C:\WINDOWS\System32\cswohxzlmkfv.exe
O4 - HKLM\..\RunServices: [nrwlvus] C:\WINDOWS\System32\nrwlvus.exe
O4 - HKLM\..\RunServices: [owiaxws] C:\WINDOWS\System32\owiaxws.exe
O4 - HKLM\..\RunServices: [ywpunsy] C:\WINDOWS\System32\ywpunsy.exe
O4 - HKLM\..\RunServices: [nwc] C:\WINDOWS\System32\nwc.exe
O4 - HKLM\..\RunServices: [l] C:\WINDOWS\System32\l.exe
O4 - HKLM\..\RunServices: [gskkmtusw] C:\WINDOWS\System32\gskkmtusw.exe
O4 - HKLM\..\RunServices: [geujckb] C:\WINDOWS\System32\geujckb.exe

Then close all windows except HijackThis and click Fix Checked

Locate cleanup.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.

Restart


Use windows explorer to find and delete these files:

C:\WINDOWS\System32\zvaocfgiouhs.exe
C:\WINDOWS\System32\zdlw.exe
C:\WINDOWS\System32\ywpunsy.exe
C:\WINDOWS\System32\yns.exe
C:\WINDOWS\System32\wkservice.exe
C:\WINDOWS\System32\sfoaxij.exe
C:\WINDOWS\System32\sawubpfpkns.exe
C:\WINDOWS\System32\s.exe
C:\WINDOWS\System32\ruhtx.exe
C:\WINDOWS\System32\owiaxws.exe
C:\WINDOWS\System32\nzn.exe
C:\WINDOWS\System32\nwc.exe
C:\WINDOWS\System32\nrwlvus.exe
C:\WINDOWS\System32\lnevkxbrnhu.exe
C:\WINDOWS\System32\l.exe
C:\WINDOWS\System32\ifl.exe
C:\WINDOWS\System32\i.exe
C:\WINDOWS\System32\gspgzkbtlj.exe
C:\WINDOWS\System32\gskkmtusw.exe
C:\WINDOWS\System32\geujckb.exe
C:\WINDOWS\System32\fewtpsbbkhi.exe
C:\WINDOWS\System32\dpfg.exe
C:\WINDOWS\System32\dkszmhe.exe
C:\WINDOWS\System32\dcclfaojzrsq.exe
C:\WINDOWS\System32\cswohxzlmkfv.exe
C:\WINDOWS\System32\asemfgnk.exe
C:\WINDOWS\System32\aqdzafoks.exe
C:\WINDOWS\Fonts\aolupd.exe

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder.
Double click on the System32 folder.
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Locate search.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.
Once it has finished, it will open a Notepad window. Please post the contents of that window as a reply to this topic, along with a new HijackThis log.
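The fix list above is built by hand from the O4 lines: files under System32 with short random lowercase names, registered under both Run and RunServices, are ticked in HijackThis and then deleted. As an added example (not from this thread or from HijackThis itself), the following Python script applies those same two heuristics to O4 lines and produces the "Fix checked" list and the file-deletion list; the sample lines are constructed from entries in this thread, and the KNOWN_GOOD allowlist is an assumption to be extended for your own environment.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Entry(NamedTuple):
    hive: str   # HKLM or HKCU
    key: str    # Run, RunOnce, RunServices, RunServicesOnce
    name: str   # value name shown in [brackets]
    path: str   # executable path, quotes and trailing arguments stripped
    line: str   # original HijackThis line, for the "Fix checked" list


# Shape of a line:  O4 - HKLM\..\Run: [dpfg] C:\WINDOWS\System32\dpfg.exe
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# First token ending in an executable extension: copes with quoted paths followed by
# arguments and with unquoted paths containing spaces (C:\Program Files\...\HPWuSchd2.exe).
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|pif))"?(?:\s|$)', re.I)

SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\(?P<file>[^\\]+)$", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{1,12}\.exe$")  # lowercase letters only: dpfg.exe, i.exe

# Constructed allowlist of legitimate System32 autostarts that also match RANDOM_NAME_RE
# (the Intel graphics entries from the clean log in this thread, plus ctfmon); extend locally.
KNOWN_GOOD = {"igfxtray.exe", "hkcmd.exe", "ctfmon.exe"}


def parse_o4(line):
    """Parse one HijackThis O4 registry-autostart line; returns None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    pm = PATH_RE.match(m.group("rest"))
    path = pm.group("path") if pm else m.group("rest").strip('"')
    return Entry(m.group("hive"), m.group("key"), m.group("name"), path, line.strip())


def triage(lines):
    """Flag O4 entries showing the two signs used in this thread; return what to fix and delete."""
    entries = [e for e in map(parse_o4, lines) if e]
    keys_by_path = defaultdict(set)           # lower-cased path -> {(hive, key), ...}
    for e in entries:
        keys_by_path[e.path.lower()].add((e.hive, e.key))

    reasons = {}                               # original line -> list of reasons
    for e in entries:
        why = []
        m = SYSTEM32_RE.match(e.path)
        if m:
            fname = m.group("file").lower()
            if RANDOM_NAME_RE.match(fname) and fname not in KNOWN_GOOD:
                why.append("random-looking lowercase name in System32")
        keys = keys_by_path[e.path.lower()]
        if (e.hive, "Run") in keys and (e.hive, "RunServices") in keys:
            # RunServices is only processed by Windows 9x/ME; on XP a file registered in
            # both keys was written by something covering every autostart key it knows.
            why.append("same file in both Run and RunServices")
        if why:
            reasons[e.line] = why

    fix_lines = [e.line for e in entries if e.line in reasons]
    delete_paths = sorted({e.path for e in entries if e.line in reasons}, key=str.lower)
    return {"fix_lines": fix_lines, "delete_paths": delete_paths, "reasons": reasons}


# Constructed sample: benign entries plus two of the random-named pairs from this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [dpfg] C:\WINDOWS\System32\dpfg.exe",
    r"O4 - HKLM\..\Run: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe",
    r"O4 - HKLM\..\RunServices: [dpfg] C:\WINDOWS\System32\dpfg.exe",
    r"O4 - HKLM\..\RunServices: [sawubpfpkns] C:\WINDOWS\System32\sawubpfpkns.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    r"O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Tick these in HijackThis and click Fix checked:")
    for line in result["fix_lines"]:
        print("  " + line + "   <- " + "; ".join(result["reasons"][line]))
    print("Then delete:")
    for path in result["delete_paths"]:
        print("  " + path)
```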
lsehbruce
post Aug 30 2007, 07:50 AM
Post #11


Authentic Member
**

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



There was one file that I could not find...C:\WINDOWS\Fonts\aolupd.exe


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000003
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,4e,00,4c,00,\
41,00,00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,41,00,4c,00,47,00,00,\
00,00,00
"DependOnGroup"=hex(7):00,00
"ObjectName"="LocalSystem"
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,00,4f,00,4d,00,4e,00,41,00,50,00,00,00,43,00,4f,\
00,4d,00,4e,00,4f,00,44,00,45,00,00,00,53,00,51,00,4c,00,5c,00,51,00,55,00,\
45,00,52,00,59,00,00,00,53,00,50,00,4f,00,4f,00,4c,00,53,00,53,00,00,00,4c,\
00,4c,00,53,00,52,00,50,00,43,00,00,00,45,00,50,00,4d,00,41,00,50,00,50,00,\
45,00,52,00,00,00,4c,00,4f,00,43,00,41,00,54,00,4f,00,52,00,00,00,54,00,72,\
00,6b,00,57,00,6b,00,73,00,00,00,54,00,72,00,6b,00,53,00,76,00,72,00,00,00,\
00,00
"NullSessionShares"=hex(7):43,00,4f,00,4d,00,43,00,46,00,47,00,00,00,44,00,46,\
00,53,00,24,00,00,00,00,00
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,72,00,76,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:b9,36,b8,95,f2,ad,19,4b,ad,f3,8a,2d,f8,eb,0d,0b
"CachedOpenLimit"=dword:00000000

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"OtherDomains"=hex(7):00,00

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
    WaitToKillServiceTimeout    REG_SZ    7000

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\PCHealth\ErrorReporting\ExclusionList]
"aim.exe"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"LsaPid"=dword:000002b4
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:46,fd,c1,fd,a2,2f,60,2e,7b,dd,cd,bc,04,79,cc,d6,62,37,63,35,63,\
32,33,66,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
5a,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,d9,a2,fd,69

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:5a,6e,a4,7d,be,d1,62,37,c2

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:ad,d2,52,a0,53,fe

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:f3,67,5e,de,d0,63,ab,aa,09,46,16,1c,64,9c,c5,58

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:c0,6f,f5,4f,c2,04,c7,01

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:80,77,b5,96,d8,4b,c3,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,a6,f1,be,d9,4b,c3,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,ea,d6,ec,d9,4b,c3,01
"Type"=dword:00000031

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Type"=dword:00000002
"Start"=dword:00000000
"ErrorControl"=dword:00000001
"Tag"=dword:00000004
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,73,00,72,00,2e,00,73,00,79,00,73,\
00,00,00
"DisplayName"="System Restore Filter Driver"
"Group"="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun"=dword:00000000
"DontBackup"=dword:00000000
"MachineGuid"="{FABC5417-0F77-407C-A60D-98F7771581CB}"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0"="Root\\LEGACY_SR\00"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools"=dword:00000000



Logfile of HijackThis v1.99.1
Scan saved at 9:47:34 AM, on 8/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Simple Star PhotoShow Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUQualityAgent.exe
O4 - Startup: Picaboo.lnk = C:\Program Files\Picaboo\Picaboo\PicabooMain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {E6C4420E-0669-4518-B825-F63CDDEF7D5D} (InitOcx Control) - http://cube.async.caltech.edu/init.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

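The run of CJK-looking characters that appears in the lsa.txt above, just before the ExclusionList export, is an encoding mismatch rather than damage: regedit /e writes each export as UTF-16LE with a byte-order mark, reg query writes plain ANSI, and copy joins the files byte for byte, so Notepad (trusting the first BOM) renders the ANSI block two bytes per character. As an added example (not part of this thread), this Python helper splits such a file on the BOMs and decodes each segment with its own encoding; the sample bytes are constructed, and it assumes the exports contain only Latin-1 characters.

```python
import re

UTF16_BOM = b"\xff\xfe"


def split_mixed_dump(data):
    """Split the raw bytes of a concatenated lsa.txt into (encoding, text) segments.

    Assumed layout (an assumption for this example): every regedit /e export starts
    with a UTF-16LE byte-order mark and contains only Latin-1 characters (high byte
    0x00), and anything between exports that has no BOM is single-byte ANSI text.
    """
    segments = []
    pos, n = 0, len(data)
    while pos < n:
        if data.startswith(UTF16_BOM, pos):
            start = end = pos + 2
            # stay in UTF-16 mode while every 16-bit code unit has a zero high byte
            while end + 1 < n and data[end + 1] == 0:
                end += 2
            segments.append(("utf-16-le", data[start:end].decode("utf-16-le")))
            pos = end
        else:
            nxt = data.find(UTF16_BOM, pos)
            if nxt == -1:
                nxt = n
            segments.append(("cp1252", data[pos:nxt].decode("cp1252")))
            pos = nxt
    return segments


def recover_text(data):
    """The whole dump as readable text, each segment decoded with its own encoding."""
    return "".join(text for _, text in split_mixed_dump(data))


def as_notepad_shows(data):
    """What Notepad renders: it sees the leading BOM and decodes everything as UTF-16LE,
    so the ANSI block is consumed two bytes per character and comes out as CJK glyphs."""
    return data[2:].decode("utf-16-le", errors="replace")


# One 'name  REG_TYPE  data' row of reg query output (indented, tab- or space-separated)
REG_QUERY_RE = re.compile(r"^[ \t]+(?P<name>\S+)[ \t]+(?P<type>REG_[A-Z_]+)[ \t]+(?P<data>.*?)\r?$", re.M)


def reg_query_values(text):
    """Pull the value rows out of reg query output; returns {name: (type, data)}."""
    return {m.group("name"): (m.group("type"), m.group("data")) for m in REG_QUERY_RE.finditer(text)}


# Constructed sample of what 'copy lsafiles\*.txt lsa.txt' produced in this thread:
# two regedit exports (UTF-16LE + BOM) with the ANSI output of reg query between them.
REG_EXPORT_1 = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lanmanworkstation\\parameters]\r\n"
    '"OtherDomains"=hex(7):00,00\r\n\r\n'
)
REG_QUERY_OUT = (
    "\r\n! REG.EXE VERSION 3.0\r\n\r\n"
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\r\n"
    "    WaitToKillServiceTimeout\tREG_SZ\t7000\r\n\r\n"
)
REG_EXPORT_2 = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PCHealth\\ErrorReporting\\ExclusionList]\r\n"
    '"aim.exe"=dword:00000001\r\n\r\n'
)
SAMPLE_LSA_TXT = (
    UTF16_BOM + REG_EXPORT_1.encode("utf-16-le")
    + REG_QUERY_OUT.encode("cp1252")
    + UTF16_BOM + REG_EXPORT_2.encode("utf-16-le")
)

if __name__ == "__main__":
    print("--- as Notepad shows it ---")
    print(as_notepad_shows(SAMPLE_LSA_TXT))
    print("--- recovered ---")
    print(recover_text(SAMPLE_LSA_TXT))
    print(reg_query_values(recover_text(SAMPLE_LSA_TXT)))
```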
random/random
post Aug 30 2007, 08:00 AM
Post #12


Silver Member
Group Icon

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.
  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run a scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
lsehbruce
post Aug 30 2007, 12:34 PM
Post #13


Authentic Member
**

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



Hi,

I am up to where you say "click on the >>> tab", and I cannot figure what that means. Help...

Thanks!
random/random
post Aug 30 2007, 01:10 PM
Post #14


Silver Member
Group Icon

Group: MRU Teachers
Posts: 478
Joined: 31-May 06
Member No.: 56,164
Operating System: Windows XP



It's the one that looks like this: (attached image)
lsehbruce
post Aug 30 2007, 05:06 PM
Post #15


Authentic Member
**

Group: Authentic Member
Posts: 50
Joined: 6-June 06
Member No.: 56,487
Operating System: windows xp



OK, I must be an idiot I know but I don't see anything like that. What is on my desktop is gmerrk.txt and when I open it the notepad just pops up. What am I doing wrong??