That scan took quite a long time, but here are my three reports of ComboFix, Kaspersky, and HijackThis... Thanks again!
COMBOFIX:
ComboFix 08-04-13.3 - Lance 2008-04-16 15:59:16.2 - NTFSx86
Running from: C:\Documents and Settings\Lance\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lance\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\914351546
C:\Documents and Settings\All Users\Application Data\arobi.com
C:\Documents and Settings\All Users\Application Data\bufuvuzyca.exe
C:\Documents and Settings\All Users\Application Data\edudap.vbs
C:\Documents and Settings\All Users\Application Data\exeh.scr
C:\Documents and Settings\All Users\Application Data\ideqeres.bat
C:\Documents and Settings\All Users\Application Data\kipotegu.sys
C:\Documents and Settings\All Users\Application Data\sikixylume.bat
C:\Documents and Settings\All Users\Application Data\xygygupiju.scr
C:\Documents and Settings\Lance\Application Data\ulymodukal.sys
C:\Documents and Settings\Lance\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Lance\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Lance\Desktopfilemanagerclient.exe
C:\Documents and Settings\Lance\Desktopfkwp1.5.exe
C:\Documents and Settings\Lance\Desktopfkwp2.0.exe
C:\Documents and Settings\Lance\Desktopfwebd.exe
C:\Documents and Settings\Lance\DesktopFWebdEditor.exe
C:\Documents and Settings\Lance\DesktopTrojan.Win32.BlackBird.exe
C:\p2hhr.bat
C:\Program Files\Common Files\asisixica.dat
C:\Program Files\Common Files\esejebenan.dll
C:\Program Files\Common Files\jyzutex.inf
C:\Program Files\Common Files\ofilygez.scr
C:\Program Files\Common Files\usuparago.pif
C:\WINDOWS\avyruz.dat
C:\WINDOWS\eciraxenil._sy
C:\WINDOWS\elym._dl
C:\WINDOWS\hivypowit.sys
C:\WINDOWS\ivedyre.vbs
C:\WINDOWS\kuvaleg.exe
C:\WINDOWS\pedemewo.com
C:\WINDOWS\system32\dbvywlsh.tmp
C:\WINDOWS\system32\emuk._sy
C:\WINDOWS\system32\gjankbmz.exe
C:\WINDOWS\system32\hywivozi.scr
C:\WINDOWS\system32\kutumuduqo.scr
C:\WINDOWS\system32\qukebit.dl
C:\WINDOWS\system32\unifeby.pif
C:\WINDOWS\system32\xavibyzad.scr
C:\WINDOWS\Tasks\B2F706A595C48321.job
C:\WINDOWS\VPC32.INI
C:\WINDOWS\xelave.dll
C:\WINDOWS\xohizuz.lib
C:\WINDOWS\ygytuko.exe
C:\WINDOWS\ziruzy.ban
C:\xmp.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\lance\applic~1\flapname
c:\docume~1\lance\applic~1\flapname\4374416B
C:\Documents and Settings\All Users\Application Data\arobi.com
C:\Documents and Settings\All Users\Application Data\bufuvuzyca.exe
C:\Documents and Settings\All Users\Application Data\edudap.vbs
C:\Documents and Settings\All Users\Application Data\exeh.scr
C:\Documents and Settings\All Users\Application Data\gfarcjyv
C:\Documents and Settings\All Users\Application Data\ideqeres.bat
C:\Documents and Settings\All Users\Application Data\kipotegu.sys
C:\Documents and Settings\All Users\Application Data\sikixylume.bat
C:\Documents and Settings\All Users\Application Data\xygygupiju.scr
C:\Documents and Settings\Lance\Application Data\ulymodukal.sys
C:\Documents and Settings\Lance\Desktopblackbird.jpg
C:\Documents and Settings\Lance\DesktopEditorFKWP1.5.exe
C:\Documents and Settings\Lance\DesktopEditorFKWP2.0.exe
C:\Documents and Settings\Lance\Desktopfilemanagerclient.exe
C:\Documents and Settings\Lance\Desktopfkwp1.5.exe
C:\Documents and Settings\Lance\Desktopfkwp2.0.exe
C:\Documents and Settings\Lance\Desktopfwebd.exe
C:\Documents and Settings\Lance\DesktopFWebdEditor.exe
C:\Documents and Settings\Lance\DesktopTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Lance\Local Settings\Temporary Internet Files\domegurelo.lib
C:\Documents and Settings\Lance\Local Settings\Temporary Internet Files\josaviryr._dl
C:\p2hhr.bat
C:\Program Files\Common Files\asisixica.dat
C:\Program Files\Common Files\esejebenan.dll
C:\Program Files\Common Files\jyzutex.inf
C:\Program Files\Common Files\ofilygez.scr
C:\Program Files\Common Files\usuparago.pif
C:\Program Files\XoftSpySE
C:\Program Files\XoftSpySE\xAutoUpdate.dll
C:\temp\ext45874
C:\temp\ext45874\install.exe
C:\temp\ext45874\install.res.1033.dll
C:\WINDOWS\avyruz.dat
C:\WINDOWS\eciraxenil._sy
C:\WINDOWS\elym._dl
C:\WINDOWS\hivypowit.sys
C:\WINDOWS\ivedyre.vbs
C:\WINDOWS\kuvaleg.exe
C:\WINDOWS\pedemewo.com
C:\WINDOWS\system32\dbvywlsh.tmp
C:\WINDOWS\system32\emuk._sy
C:\WINDOWS\system32\gjankbmz.exe
C:\WINDOWS\system32\hywivozi.scr
C:\WINDOWS\system32\kutumuduqo.scr
C:\WINDOWS\system32\qukebit.dl
C:\WINDOWS\system32\unifeby.pif
C:\WINDOWS\system32\xavibyzad.scr
C:\WINDOWS\Tasks\B2F706A595C48321.job
C:\WINDOWS\VPC32.INI
C:\WINDOWS\xelave.dll
C:\WINDOWS\xohizuz.lib
C:\WINDOWS\ygytuko.exe
C:\WINDOWS\ziruzy.ban
C:\xmp.bat
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-15 23:08 . 2008-04-15 23:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-15 23:01 . 2008-04-15 23:39 <DIR> d-------- C:\SDFix
2008-04-12 19:27 . 2008-04-12 19:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-09 12:56 . 2008-04-09 12:56 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-28 21:47 . 2008-03-28 21:47 3,908 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-28 09:03 . 2008-04-16 16:01 <DIR> d-------- C:\temp
2008-03-28 01:35 . 2008-03-28 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 01:34 . 2008-04-12 19:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 01:34 . 2008-04-12 19:32 <DIR> d-------- C:\Documents and Settings\Lance\Application Data\SUPERAntiSpyware.com
2008-03-28 00:36 . 2008-03-28 00:36 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-03-27 23:54 . 2008-03-27 23:54 <DIR> d-------- C:\Documents and Settings\Lance\Application Data\Ludia
2008-03-27 23:52 . 2008-03-27 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-03-27 23:50 . 2008-03-27 23:50 <DIR> d-------- C:\Program Files\Trymedia
2008-03-21 16:14 . 2008-03-21 16:16 <DIR> d-------- C:\Program Files\Gold Miner Vegas
2008-03-19 12:16 . 2008-03-19 12:16 <DIR> d-------- C:\Program Files\ReflexiveArcade
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 22:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-14 05:08 --------- d--h--w C:\Documents and Settings\Lance\Application Data\Move Networks
2008-04-14 04:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 01:59 --------- d-----w C:\Program Files\Introduction to Accounting
2008-04-10 09:28 --------- d-----w C:\Documents and Settings\Lance\Application Data\U3
2008-03-31 18:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 04:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-29 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 02:28 --------- d-----w C:\Documents and Settings\Lance\Application Data\uTorrent
2008-03-29 02:02 --------- d-----w C:\Program Files\Symantec
2008-03-29 02:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-29 02:01 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-29 02:01 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-28 06:35 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-03-19 18:22 --------- d-----w C:\Program Files\PopCap Games
2008-03-15 05:38 --------- d-----w C:\Documents and Settings\Lance\Application Data\Malwarebytes
2008-03-15 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-14 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-14 22:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 22:10 --------- d-----w C:\Program Files\Viewpoint
2008-03-14 22:10 --------- d-----w C:\Program Files\AIM6
2008-03-14 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-14 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-11 02:50 --------- d-----w C:\Program Files\InterActual
2008-03-10 05:57 --------- d-----w C:\Program Files\BrainSchool
2008-03-03 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 07:54 --------- d-----w C:\Program Files\AnMing
2008-03-03 07:53 --------- d-----w C:\Program Files\InterVideo
2008-03-03 07:52 --------- d-----w C:\Documents and Settings\Lance\Application Data\InterVideo
2008-03-03 07:51 --------- d-----w C:\Program Files\Graboid
2008-03-03 07:33 --------- d-----w C:\Program Files\GoldMinerVegas_at
2008-03-03 07:33 --------- d-----w C:\Program Files\AOL Games
2008-03-03 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-22 21:58 --------- d-----w C:\Program Files\iWin.com
2008-02-22 20:21 --------- d-----w C:\Program Files\iPod
2008-02-01 05:34 3,955,352 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-02-01 05:33 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-01 05:33 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-01-30 05:32 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-01-11 09:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-14_11.37.25.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 17:27:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 22:08:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 17:38:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-16 05:08:16 4,546,560 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-16 05:08:16 184,320 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-15 17:38:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-16 05:08:09 4,546,560 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-16 05:08:09 184,320 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-14 18:50 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 13:00 200767]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-06-11 17:14 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AtiPTA"="atiptaxx.exe" [2002-06-11 17:56 286720 C:\WINDOWS\system32\atiptaxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 09:05 36864]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 15:34 36864]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 09:26 45056]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 11:57 98304]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-09 16:42 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-09 16:41 557056]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 15:19 176197]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISLP2STA.EXE"="ISLP2STA.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 06:27 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Lance\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-12-20 12:29 125632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 19:38 52840]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\LimeWire\\LimeWire.exe"=
"C:\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Symantec AntiVirus\rtvscan.exe"= C:\Program Files\Symantec AntiVirus\rtvscan.exe:128.187.21.147/255.255.255.255,128.187.21.148/255.255.255.255:Enabled:VirusScan(rtvscan.exe)
"C:\\Lance\\iTunes\\iTunes.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 09:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 09:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-28 18:00]
S3 AR5523;Atheros USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-06-08 13:15]
S3 ATHFMWDL;Atheros USB Wireless Adapter Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-06-08 13:18]
S3 ISLP2;Intersil 802.11 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\islp2nds.sys [2002-10-03 18:07]
S3 WLP92B;3Com 3CRWE62092B Wireless LAN PC Card;C:\WINDOWS\system32\DRIVERS\wlp92bf.sys [2002-08-27 07:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 20:10:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-16 16:10:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?0?1?6??P???? ?X#B?????????????l|B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-16 16:22:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 22:21:32
ComboFix2.txt 2008-04-14 17:38:34
Pre-Run: 10,722,119,680 bytes free
Post-Run: 10,708,115,456 bytes free
.
2008-04-09 19:00:53 --- E O F ---
KASPERSKY:
KASPERSKY ONLINE SCANNER REPORT
2008-04-17 14:06
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/04/2008
Kaspersky Anti-Virus database records: 712233
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 90260
Number of viruses found 29
Number of infected objects 62
Number of suspicious objects 0
Duration of the scan process 04:09:56
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880000\4F8EE136.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880001\4F8EE1A8.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880002\4F8EE1BE.VBN Infected: Trojan.Win32.Agent.giy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880004\4F8EE33E.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880005\4F8EE368.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880006\4F8EE393.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880007\4F8EE3E9.VBN Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880008\4F8EE429.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880009\4F8EE46F.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88000A\4F8EE498.VBN Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88000B\4F8EE4D6.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88000C\4F8EE512.VBN Infected: Trojan-Downloader.Win32.FraudLoad.x skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88000D\4F8EE548.VBN Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88000E\4F8EE5A3.VBN Infected: not-a-virus:FraudTool.Win32.Reanimator.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88000F\4F8EE5F6.VBN Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880010\4F8EE623.VBN Infected: Trojan-Downloader.Win32.Small.svi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880011\4F8EE681.VBN Infected: Trojan-Downloader.Win32.Small.svi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880012\4F8EE6AC.VBN Infected: Trojan-Downloader.Win32.Small.svi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880013\4F8EE6DA.VBN Infected: Trojan-Downloader.Win32.Small.svi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880014\4F8EEBD9.VBN Infected: not-a-virus:AdWare.Win32.Vapsup.dco skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880016\4F8EF45A.VBN Infected: not-a-virus:AdWare.Win32.Vapsup.dcn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880017\4F8EFB86.VBN Infected: not-a-virus:AdWare.Win32.Vapsup.dcp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880018\4F8F00C1.VBN Infected: not-a-virus:AdWare.Win32.Vapsup.dcq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F880019\4F8F012E.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88001A\4F8F058B.VBN Infected: not-a-virus:AdWare.Win32.Vapsup.dcr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88001C\4F8F0629.VBN Infected: Backdoor.Win32.Prosti.dr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F88001D\4F8F0642.VBN Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\Lance\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.30292 Infected: Trojan-Downloader.Win32.Agent.lfo skipped
C:\Documents and Settings\Lance\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.90287 Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\Documents and Settings\Lance\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lance\Desktop\Online Stuff\MyFunCardsSetup2.2.60.11-2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.cb skipped
C:\Documents and Settings\Lance\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lance\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lance\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lance\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lance\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lance\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0118NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0869NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\ContextTool\ContextTool-1.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\QooBox\Quarantine\C\Program Files\ContextTool\ContextTool-3.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP590\A0040788.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP617\A0043689.exe Infected: not-a-virus:AdTool.Win32.Zango.j skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP618\A0043698.dll Infected: not-a-virus:AdWare.Win32.HotBar.ck skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP622\A0046741.exe Infected: not-a-virus:AdWare.Win32.Megap.a skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP622\A0046743.exe/adblastdemo.exe Infected: not-a-virus:AdWare.Win32.Megap.a skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP622\A0046743.exe Vise: infected - 1 skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP624\A0047770.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP629\A0048779.exe/data.rar/crack.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP629\A0048779.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP629\A0048779.exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.swa skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP629\A0048779.exe/data.rar Infected: Trojan-Downloader.Win32.Small.swa skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP629\A0048779.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP630\A0048795.exe/data0000.bin/data0008 Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP630\A0048795.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP630\A0048795.exe EmbeddedEXE: infected - 2 skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP630\A0048796.exe Infected: Trojan-Downloader.Win32.Small.gkk skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP630\A0048799.exe Infected: Trojan-Downloader.Win32.Small.iui skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP631\A0049162.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP631\A0049165.sys Infected: not-a-virus:FraudTool.Win32.UltimateDefender.cm skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP631\A0052349.dll Infected: Trojan-Downloader.Win32.Agent.lsw skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP635\A0053747.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP638\A0053933.exe Infected: Trojan-Downloader.Win32.Obfuscated.fi skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP640\A0055107.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP640\A0055107.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP640\A0055107.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP640\A0055115.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP640\A0055196.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP642\A0055343.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP642\A0055344.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP644\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4241BB2E-2BEC-4F36-B5F8-11D1DFC2CE6A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 14:09, on 2008-04-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Lance\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presari...t...c02&lc=0409
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Lance\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\AIM.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {1FBE245E-D937-4600-BD20-8407CA92EA83} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinn...jo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C738EA53-97C2-441B-AC52-DFBC597BCBE5} (Chess Control) - http://www.worldwinn...chess/chess.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valu...OCX/flashax.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe