Hey, thanks for helping me out... here is what you asked for:
uninstall list:
Ad-Aware SE Professional
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.7
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
AlienGUIse Theme Manager
ALPS Touch Pad Driver
Apple Software Update
Ares 2.0.9
AVG Anti-Spyware 7.5
Azureus
biolsp patch
Boeing IPSec Client v06_01.054
BOEPubSub
BOEUtility 4.2.0C V5R16
BOEUtility 4.3.0- V5R16
BOEUtility 4.4.0A V5R17
BOEV5ToIVT
BOEV5ToIVT
BOEV5ToIVT
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
BV5
BV5MGR
Compresor WinRAR
Conexant HDA D110 MDC V.92 Modem
Cucusoft DVD to Zune + Zune Video Converter Suite 7.5.7.3
DameWare Mini Remote Control
DameWare NT Utilities
Dassault Systemes Software B17SP1PRALL
DEEM
Dell Embassy Trust Suite by Wave Systems
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
ETS Upgrade
FileZilla (remove only)
GIGARANGE USB Utility
Google Desktop
Google Earth Pro
GSview 4.8
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
IVT 4.1.2 Production
Java 6 Update 2
LiveUpdate 2.0 (Symantec Corporation)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mocha W32 TN3270
Modem Helper
Mozilla Firefox (2.0.0.4)
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
neroxml
NTRU Hybrid TSS v2.0.25
NVIDIA Drivers
Preboot Manager
Private Information Manager
QuickSet
QuickTime
SearchAssist
Secure Update
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Wizards
Symantec AntiVirus
Tera Term Pro
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
upekmsi
URL Assistant
Video Access Codec v1.4
VideoLAN VLC media player 0.8.6c
VNC Free Edition 4.1.2
Wave Infrastructure Installer
Wave Support Software
WebVideo Support
Winamp (remove only)
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB890859
WinZip
X-Win32 8.2
Zune
----------------------SDFIX:
SDFix: Version 1.105
Run by Administrator on Mon 09/17/2007 at 06:51 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage
Restoring Default Desktop Components Value
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url - Deleted
C:\Program Files\VideoAccessCodec\install.ico - Deleted
C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\main_uninstaller.exe - Deleted
C:\WINDOWS\msmdev.dll - Deleted
C:\WINDOWS\msmhost.dll - Deleted
C:\WINDOWS\nsduo.dll - Deleted
Folder C:\Program Files\VideoAccessCodec - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\311\311 - Don't Tread On Me (2005) - Rock - www.torrentazos.com By F\AlbumArtSmall.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\311\311 - Don't Tread On Me (2005) - Rock - www.torrentazos.com By F\AlbumArt_{24B9FF42-3CA6-4F5B-8F38-17E914B0B030}_Large.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\311\311 - Don't Tread On Me (2005) - Rock - www.torrentazos.com By F\AlbumArt_{24B9FF42-3CA6-4F5B-8F38-17E914B0B030}_Small.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\311\311 - Don't Tread On Me (2005) - Rock - www.torrentazos.com By F\desktop.ini
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\311\311 - Don't Tread On Me (2005) - Rock - www.torrentazos.com By F\Folder.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\311\311 - Don't Tread On Me (2005) - Rock - www.torrentazos.com By F\Thumbs.db
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Three Days Grace-OneX-www.mozayka.com\AlbumArtSmall.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Three Days Grace-OneX-www.mozayka.com\AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Large.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Three Days Grace-OneX-www.mozayka.com\AlbumArt_{DF781BF4-9A3A-44D7-946B-1BDCFF8779FD}_Small.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Three Days Grace-OneX-www.mozayka.com\desktop.ini
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Three Days Grace-OneX-www.mozayka.com\Folder.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Three Days Grace-OneX-www.mozayka.com\Thumbs.db
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\AlbumArtSmall.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\AlbumArt_{05327A41-951D-4879-BFCD-6CF4C172E75B}_Large.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\AlbumArt_{05327A41-951D-4879-BFCD-6CF4C172E75B}_Small.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\AlbumArt_{3450CF3C-2299-483F-8147-11361569C366}_Large.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\AlbumArt_{3450CF3C-2299-483F-8147-11361569C366}_Small.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\desktop.ini
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\Folder.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Alternativon\Tom Morello - Bold as Rage - audioslaveLATINO.com\Thumbs.db
C:\Documents and Settings\mroman.NA\My Documents\My Music\Nuevos Discos Bajados\Justice_-_Cross-2007_www.musicologyfreedom.blogspot.com\Thumbs.db
C:\Documents and Settings\mroman.NA\My Documents\My Music\Nuevos Discos Bajados\Justice_-_Cross-2007_www.musicologyfreedom.blogspot.com\Justice - Cross-2007\AlbumArtSmall.jpg
C:\Documents and Settings\mroman.NA\My Documents\My Music\Nuevos Discos Bajados\Justice_-_Cross-2007_www.musicologyfreedom.blogspot.com\Justice - Cross-2007\Folder.jpg
C:\Documents and Settings\mroman.NA\NetHood\splr-ElecLabinal-wkg on www-blv-60.nw.nos.boeing.com\Desktop.ini
C:\Documents and Settings\mroman.NA\NetHood\splr-pubs on www-blv-60.nw.nos.boeing.com\Desktop.ini
C:\Respaldo\Alternative\Placebo - Once More With Feeling (2004) - Rock [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT1.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT17.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT2.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT228.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT2F.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT3.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT30.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT31.tmp
C:\Documents and Settings\mroman.NA\Local Settings\Temp\BIT3B.tmp
C:\Documents and Settings\mroman.NA\My Documents\Personal\Residencias\Helpdesk 787\~WRL0803.tmp
Finished!
SmitFraudFix v2.225
Scan done at 19:22:52.94, Mon 09/17/2007
Run from C:\Documents and Settings\mroman.NA\Desktop\smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dassault Systemes\B17SP1PRALL\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mroman.NA
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mroman.NA\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mroman.NA\FAVORI~1
C:\DOCUME~1\mroman.NA\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\mroman.NA\FAVORI~1\Privacy Protector.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\mroman.NA\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\mroman.NA\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\mroman.NA\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wxvault.dll C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL,wbsys.dll C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 10.182.20.20
DNS Server Search Order: 10.182.20.23
Description: Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{632C388B-1D51-4244-954E-E6EC68E3E2A8}: DhcpNameServer=10.182.20.20 10.182.20.23
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D811A52F-6454-416F-A8E7-F3C869C98D04}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{632C388B-1D51-4244-954E-E6EC68E3E2A8}: DhcpNameServer=10.182.20.20 10.182.20.23
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D811A52F-6454-416F-A8E7-F3C869C98D04}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{632C388B-1D51-4244-954E-E6EC68E3E2A8}: DhcpNameServer=10.182.20.20 10.182.20.23
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D811A52F-6454-416F-A8E7-F3C869C98D04}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.182.20.20 10.182.20.23
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.182.20.20 10.182.20.23
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.182.20.20 10.182.20.23
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
HijackThis::::::::::::::::::::::::::
Logfile of HijackThis v1.99.1
Scan saved at 7:27:16 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dassault Systemes\B17SP1PRALL\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070219
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2070219
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://srnachd03/proxy787.pac
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Chekrite] "C:\Program Files\INCAT\Chekrite\Default\Chekrite.vbs"
O4 - HKLM\..\Run: [VCPCheck] %ProgramFiles%\DEEM\Environments\Production\plugins\bv5\default\vcpcheck.vbs
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OfcpfwSvcs.exe] C:\WINDOWS\system32\OfcpfwSvcs.exe
O4 - HKLM\..\Run: [WinxWifi32] WinxWifi.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [WinxWifi32] WinxWifi.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.labinal.snecma
O17 - HKLM\Software\..\Telephony: DomainName = na.labinal.snecma
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.labinal.snecma
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chh.na.labinal.snecma,na.labinal.snecma,labinal.snecma,snecma
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chh.na.labinal.snecma,na.labinal.snecma,labinal.snecma,snecma
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17SP1PRALL\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Thanks!