Warning! Spyware detected on this computer. Install an antivirus or spyware remover to clean your computer.

 

Then it pops up a bluescreen which seems to be fake. After that it says "cannot find file xlibgfl254.dll" and "Cannot find file .tt36.tmp.vbs"

 

Definately seems like something was downloaded for a fake virus.

 

Heres the HJT file.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48: VIRUS ALERT!, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
E:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O1 - Hosts: 1.1.1.1 bleepingcomputer.com
O1 - Hosts: 1.1.1.1 www.bleepingcomputer.com
O1 - Hosts: 1.1.1.1 techguy.org
O1 - Hosts: 1.1.1.1 forums.techguy.org
O1 - Hosts: 1.1.1.1 yandao.com
O1 - Hosts: 1.1.1.1 www.yandao.com
O3 - Toolbar: (no name) - {0E677229-E309-4341-81BD-3CC3018BF5B3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll (file missing)
O3 - Toolbar: gxvpsafm - {FF20AF38-AD56-4361-AE03-339130767E26} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [lphc17bj0ev63] C:\WINDOWS\system32\lphc17bj0ev63.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhc57bj0ev63] C:\Program Files\rhc57bj0ev63\rhc57bj0ev63.exe
O4 - HKLM\..\Run: [445fd6ce] rundll32.exe "C:\WINDOWS\system32\mcwgvrkr.dll",b
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinSpywareProtect] "C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" /autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011YYUS
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\Program Files\XoloX\SbCIe026.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/05433750c292e4515f00/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122928908734
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.112
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: PrxSDRAM - {75932bae-0436-489b-b859-2d8ae29d937d} - C:\WINDOWS\Resources\PrxSDRAM.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.seahawks.com/WallScreen/OffenseTH.jpg
O24 - Desktop Component 1: (no name) - http://www.seahawks.com/WallScreen/helmet_thumb.jpg
O24 - Desktop Component 2: (no name) - http://lundestudio.com/thumbnail/p220c-sao-tt-left-full.jpg
O24 - Desktop Component 3: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12803 bytes

 

 

You´ve certainly got some crap there

 

 

----------------------------------------------------------------------------

 

Please download Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

 

And save to the desktop.

Close all other browser windows.

 

 

 

Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".

 

 

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.

 

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.

 

Post the contents of that log in your next reply with a new hijackthis log, and C:\rapport.txt.

 

Please copy and paste your log files. DO NOT add it as an attachment

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

---

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O3 - Toolbar: (no name) - {0E677229-E309-4341-81BD-3CC3018BF5B3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll (file missing)
O3 - Toolbar: gxvpsafm - {FF20AF38-AD56-4361-AE03-339130767E26} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMrhc57bj0ev63] C:\Program Files\rhc57bj0ev63\rhc57bj0ev63.exe
O4 - HKLM\..\Run: [SMshc77bj0ev63] C:\Program Files\shc77bj0ev63\shc77bj0ev63.exe
O4 - HKLM\..\Run: [445fd6ce] rundll32.exe "C:\WINDOWS\system32\yqmclqrf.dll",b
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011YYUS
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\Program Files\XoloX\SbCIe026.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/05433750c292e4515f00/netzip/RdxIE2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122928908734
O16 - DPF: {72944257-0AE0-44FD-8A51-AA21853092C8} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_3_0.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O24 - Desktop Component 0: (no name) - http://lundestudio.com/thumbnail/p220c-sao-tt-left-full.jpg

--
End of file - 9653 bytes

 

Heres the one from Combofix

ComboFix 08-06-20.4 - Owner 2008-06-29 10:43:29.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.353 [GMT -7:00]Running from: C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Desktop\ComboFix.exe
Command switches used :: /snapshot

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080607220737687.log
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608065639484.log
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608072449296.log
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608142048015.log
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080608144330000.log
C:\Documents and Settings\All Users.WINDOWS\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\{2CF0B992-5EEB-4143-99C0-5297EF71F444}
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\ASKS~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\AXPDefender
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\FunWebProducts
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\FunWebProducts\Data\Owner\avatar.dat
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\ICROSO~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\MBOLS~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\PPPATC~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\PPPATC~1\?ppPatch\
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\ultra
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\ultra\ultra.inf
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\ultra\uninstall.bat
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\err.log
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\My Documents\DOBE~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\My Documents\ICROSO~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\My Documents\SKS~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\My Documents\SMANTE~1
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\My Documents\WNSXS~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\fnts~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack5.exe
C:\Program Files\ISM2\ISMPack6.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\msmovies
C:\Program Files\msmovies\p.zip
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\02E25A5F
C:\Program Files\MyWebSearch\bar\Cache\02E2F16F.bin
C:\Program Files\MyWebSearch\bar\Cache\02E32CF1.bin
C:\Program Files\MyWebSearch\bar\Cache\02E35FF7.bin
C:\Program Files\MyWebSearch\bar\Cache\02E37842.bin
C:\Program Files\MyWebSearch\bar\Cache\02E38F16.bin
C:\Program Files\MyWebSearch\bar\Cache\02E3B3A5
C:\Program Files\MyWebSearch\bar\Cache\02E468CC.bin
C:\Program Files\MyWebSearch\bar\Cache\02E4B16E.bin
C:\Program Files\MyWebSearch\bar\Cache\02E4F8F7.bin
C:\Program Files\MyWebSearch\bar\Cache\02E53E4D.bin
C:\Program Files\MyWebSearch\bar\Cache\02E566E3.bin
C:\Program Files\MyWebSearch\bar\Cache\043E826C.bin
C:\Program Files\MyWebSearch\bar\Cache\043E87FA.bin
C:\Program Files\MyWebSearch\bar\Cache\043E92B8.bin
C:\Program Files\MyWebSearch\bar\Cache\0E7B495E
C:\Program Files\MyWebSearch\bar\Cache\15FAF121
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\PlayMP3.exe
C:\Program Files\PlayMP3z\uninstall.exe
C:\WINDOWS\ewgf.exe
C:\WINDOWS\fnts~1
C:\WINDOWS\fnts~2
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\mbols~1
C:\WINDOWS\NDNuninstall4_85.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\WINDOWS\racle~1
C:\WINDOWS\racle~1\n?pdb.exe
C:\WINDOWS\resources\PrxSDRAM.dll
C:\WINDOWS\sstem~1
C:\WINDOWS\system32\247880
C:\WINDOWS\system32\247880\247880.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awtqrrOH.dll
C:\WINDOWS\system32\cabine.dll
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\HOrrqtwa.ini
C:\WINDOWS\system32\HOrrqtwa.ini2
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\lanmandrv.sys
C:\WINDOWS\system32\lanmanwrk.exe
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\rkrvgwcm.ini
C:\WINDOWS\system32\rtmipr.dll
C:\WINDOWS\system32\sihxglwe.ini
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\wcpisvtr32.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\xlibgfl254.dll
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\ymante~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANDRV
-------\Legacy_NPF
-------\Legacy_SYSREST.SYS
-------\Service_lanmandrv
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-29 10:25 . 2008-06-29 10:25 3,020 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 10:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-29 10:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-29 10:20 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-29 10:20 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-29 10:20 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-29 10:20 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-29 10:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-29 10:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-29 10:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-26 16:12 . 2008-06-26 16:12 92,032 --a------ C:\WINDOWS\system32\mcwgvrkr.dll
2008-06-26 07:36 . 2008-06-26 07:36 113 --a------ C:\3dfgg3423.bat
2008-06-25 12:33 . 2008-06-25 12:33 92,544 --a------ C:\WINDOWS\system32\ewlgxhis.dll
2008-06-25 12:27 . 2008-06-25 10:02 229,376 --a------ C:\WINDOWS\pntqkflv.dll
2008-06-25 12:27 . 2008-06-25 10:02 180,224 --a------ C:\WINDOWS\qegbdmwf.dll
2008-06-25 12:27 . 2008-06-25 10:02 155,648 --a------ C:\WINDOWS\gxvpsafm.dll
2008-06-25 12:27 . 2008-06-25 10:02 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-25 12:27 . 2008-06-25 12:27 28,800 --a------ C:\WINDOWS\system32\yayxvvuV.dll
2008-06-25 12:27 . 2008-06-25 12:27 28,800 --a------ C:\WINDOWS\system32\hgGaabxu.dll
2008-06-25 12:26 . 2008-06-25 12:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd
2008-06-22 18:06 . 2008-06-22 17:56 60,928 --a------ C:\WINDOWS\system32\19.tmp
2008-06-22 11:45 . 2008-06-22 11:45 <DIR> d-------- C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\rhc57bj0ev63
2008-06-22 11:45 . 2008-06-24 17:55 94,208 --a------ C:\WINDOWS\system32\pphc17bj0ev63.exe
2008-06-21 21:26 . 2008-06-21 21:26 109,056 --a------ C:\WINDOWS\system32\lphc17bj0ev63.exe
2008-06-11 09:15 . 2008-06-11 09:15 680 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-09 23:41 . 2008-06-09 23:31 52,736 --a------ C:\WINDOWS\system32\82.tmp
2008-06-09 22:10 . 2008-06-09 22:00 52,736 --a------ C:\WINDOWS\system32\6A.tmp
2008-06-09 21:40 . 2008-06-09 21:30 52,736 --a------ C:\WINDOWS\system32\63.tmp
2008-06-09 21:30 . 2008-06-09 21:20 52,736 --a------ C:\WINDOWS\system32\60.tmp
2008-06-09 20:19 . 2008-06-09 20:09 52,736 --a------ C:\WINDOWS\system32\49.tmp
2008-06-09 20:09 . 2008-06-09 19:59 52,736 --a------ C:\WINDOWS\system32\46.tmp
2008-06-09 19:59 . 2008-06-09 19:49 52,736 --a------ C:\WINDOWS\system32\43.tmp
2008-06-09 19:49 . 2008-06-09 19:39 52,736 --a------ C:\WINDOWS\system32\40.tmp
2008-06-09 19:39 . 2008-06-09 19:29 52,736 --a------ C:\WINDOWS\system32\3D.tmp
2008-06-09 19:29 . 2008-06-09 19:18 52,736 --a------ C:\WINDOWS\system32\3A.tmp
2008-06-09 19:18 . 2008-06-09 19:08 52,736 --a------ C:\WINDOWS\system32\36.tmp
2008-06-09 19:08 . 2008-06-09 18:58 52,736 --a------ C:\WINDOWS\system32\33.tmp
2008-06-09 16:27 . 2008-06-09 16:17 52,736 --a------ C:\WINDOWS\system32\F7.tmp
2008-06-09 15:57 . 2008-06-09 15:47 52,736 --a------ C:\WINDOWS\system32\F0.tmp
2008-06-09 15:37 . 2008-06-09 15:26 52,736 --a------ C:\WINDOWS\system32\EB.tmp
2008-06-09 15:26 . 2008-06-09 15:16 52,736 --a------ C:\WINDOWS\system32\E8.tmp
2008-06-09 14:06 . 2008-06-09 13:56 52,736 --a------ C:\WINDOWS\system32\CF.tmp
2008-06-09 13:16 . 2008-06-09 13:06 52,736 --a------ C:\WINDOWS\system32\BE.tmp
2008-06-09 10:34 . 2008-06-09 10:24 52,736 --a------ C:\WINDOWS\system32\41.tmp
2008-06-09 08:53 . 2008-06-09 08:43 52,736 --a------ C:\WINDOWS\system32\14.tmp
2008-06-09 08:03 . 2008-06-09 08:03 <DIR> d-------- C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\shc77bj0ev63
2008-06-08 18:32 . 2008-06-08 18:32 <DIR> d-------- C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\AXPFixer
2008-06-07 22:07 . 2008-06-07 22:07 <DIR> d-------- C:\Program Files\LabelCommand
2008-06-07 16:58 . 2008-06-08 07:00 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-06-07 13:38 . 2008-06-07 13:38 3,824,707 --a------ C:\WINDOWS\HK In Action.dat
2008-06-07 13:38 . 2008-06-07 13:38 466,944 --a------ C:\WINDOWS\HK In Action.scr
2008-06-07 13:38 . 2008-06-07 13:38 180,224 --a------ C:\WINDOWS\UninstallWSST.exe
2008-06-07 13:38 . 2008-06-07 13:38 28,672 --a------ C:\WINDOWS\system32\ssconfig.exe
2008-06-07 13:38 . 2008-06-07 16:50 85 --a------ C:\WINDOWS\WSST_Screen_Saver.ini
2008-06-07 05:44 . 2008-06-06 17:44 52,736 --a------ C:\WINDOWS\system32\52D.tmp
2008-06-06 05:44 . 2008-06-05 17:43 52,736 --a------ C:\WINDOWS\system32\57.tmp
2008-06-04 21:35 . 2008-06-29 11:03 60,928 --a------ C:\WINDOWS\system32\blphc17bj0ev63.scr
2008-06-04 21:34 . 2008-06-29 11:02 90,838 --a------ C:\WINDOWS\system32\phc17bj0ev63.bmp
2008-06-03 21:48 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 23:16 --------- d-----w C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\MSN6
2008-06-25 19:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-23 00:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-06-13 18:06 --------- d-----w C:\Program Files\Red Kawa
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-19 23:56 --------- d-----w C:\Program Files\Wide Angle Software
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 04:59 98,688 -c--a-w C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\GDIPFONTCACHEV1.DAT
2007-01-17 14:37 14,167 -c--a-w C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\azuipsir.exe
2004-11-23 17:00 57,344 --sha-w C:\WINDOWS\lbbho.dll
2007-12-01 07:45 98,376 -csh--w C:\WINDOWS\Resources\kjkaxfilrm\lsass.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39D67F39-6F48-438A-80A2-F86FE363C215}]
2008-06-25 12:27 28800 --a------ C:\WINDOWS\system32\hgGaabxu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}]
C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86016F39-217A-4C98-BF81-213E8DDA8E2E}]
2004-11-23 10:00 57344 --ahs---- C:\WINDOWS\lbbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}]
C:\Program Files\ISM\BndDrive3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D01A8B68-D46E-42C1-B967-9043543B6E0D}]
C:\WINDOWS\gfetqaxsdtf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 12:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FF20AF38-AD56-4361-AE03-339130767E26}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-25 10:02 155648]

[HKEY_CLASSES_ROOT\clsid\{ff20af38-ad56-4361-ae03-339130767e26}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{EA6092DA-6BEE-4127-BA36-2DF51292C13E}]
[HKEY_CLASSES_ROOT\gxvpsafm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WinSpywareProtect"="C:\Documents and Settings\All Users.WINDOWS\Application Data\ADSL Software Ltd\WinSpywareProtect\winspywareprotect.exe" [2008-06-25 12:26 1160192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"au"="C:\Program Files\Dealio\DealioAU.exe" [ ]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 12:58 1069920]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 22:07 192512]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 00:27 176128]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"DXDllRegExe"="dxdllreg.exe" []
"lphc17bj0ev63"="C:\WINDOWS\system32\lphc17bj0ev63.exe" [2008-06-21 21:26 109056]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [ ]
"SMrhc57bj0ev63"="C:\Program Files\rhc57bj0ev63\rhc57bj0ev63.exe" [ ]
"445fd6ce"="C:\WINDOWS\system32\mcwgvrkr.dll" [2008-06-26 16:12 92032]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{39D67F39-6F48-438A-80A2-F86FE363C215}"= C:\WINDOWS\system32\hgGaabxu.dll [2008-06-25 12:27 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaabxu]
hgGaabxu.dll 2008-06-25 12:27 28800 C:\WINDOWS\system32\hgGaabxu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awtqrrOH

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.WILLIAM-JK4BNNB^Start Menu^Programs^Startup^lsass.lnk]
path=C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Start Menu\Programs\Startup\lsass.lnk
backup=C:\WINDOWS\pss\lsass.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00f524d.exe]
C:\WINDOWS\system32\00f524d.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3WYJL3B2R7H9#Y]
C:\WINDOWS\System32\NuzK63G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
C:\Program Files\AutoUpdate\AutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]
C:\WINDOWS\System32\IEHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bold rule]
C:\DOCUME~1\OWNER~1.WIL\APPLIC~1\SECTBA~1\bolt coal safe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Breg]
C:\Program Files\Common Files\Java\breg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTV]
C:\Program Files\BTV\btv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClockSync]
C:\PROGRA~1\CLOCKS~1\Sync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\coolseekforpile]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Date mags cool seek\Armymfcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dpi]
C:\Program Files\Common Files\Dpi\dpi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
C:\PROGRA~1\ezula\mmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fxozj]
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\My Documents\W?nSxS\n?tepad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gfrec]
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\??mbols\w?wexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ggw]
C:\WINDOWS\system32\??crosoft\c?rss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GWMDMMSG]
--a--c--- 2002-03-28 08:55 101611 C:\WINDOWS\GWMDMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hanp]
C:\DOCUME~1\OWNER~1.WIL\APPLIC~1\PPPATC~1\msdtc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-02-17 00:11 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\l4vm3]
C:\documents and settings\owner.william-jk4bnnb\local settings\temp\l4vm3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lanmanwrk.exe]
C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lich]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeShop]
C:\Program Files\LimeShop\LimeShoprun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
---hsc--- 2007-12-01 00:45 98376 C:\WINDOWS\Resources\kjkaxfilrm\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lsass]
C:\WINDOWS\System32\lanmanwrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfcckmgd]
C:\WINDOWS\system32\mfcckmgd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2001-08-23 14:52 331830 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a--c--- 2001-07-25 08:00 184376 C:\Program Files\Microsoft Money\System\Money Express.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
--a--c--- 2001-07-25 08:00 241714 C:\Program Files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsMovies]
C:\Program Files\MsMovies\MsMovies.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net]
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ole]
C:\WINDOWS\?racle\n?pdb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pcsv]
C:\WINDOWS\system32\pcs\pcsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prein]
C:\DOCUME~1\OWNER~1.WIL\LOCALS~1\Temp\app1A2.tmp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pro]
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\23362.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
--a------ 2005-10-29 17:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule9]
C:\Program Files\QdrModule\QdrModule9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rff]
C:\WINDOWS\system32\??mantec\??chost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
---hsc--- 2007-12-01 00:45 98376 C:\WINDOWS\Resources\kjkaxfilrm\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rundll32_8]
C:\WINDOWS\System32\inetp60.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunWindowsUpdate]
C:\WINDOWS\uptodate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyBlocs]
C:\PROGRA~1\SpyBlocs\SpyBlocs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\PROGRA~1\Toolbar\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbxayts]
C:\WINDOWS\System32\oohrehu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tiffev]
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\?icrosoft\l?gonui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
C:\Program Files\WinSecureDisc\App.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\PROGRA~1\WEATHE~1\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\PROGRA~1\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]
C:\winstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xolox]
C:\Program Files\Xolox\Xolox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xrgwou]
C:\Program Files\Common Files\??curity\n?tepad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yio]
C:\Program Files\F?nts\m?hta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2CF0B992-5EEB-4143-99C0-5297EF71F444}]
C:\WINDOWS\System32\stlbdist.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

S2 winsecuredisc;winsecuredisc;C:\Program Files\WinSecureDisc\drv\xpdriver.sys []
S2 WinToolsSvc;WinTools for IE service;C:\Program Files\Common Files\WinTools\WToolsS.exe []
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 18:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 22:09:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-25 23:00:00 C:\WINDOWS\Tasks\BD2EA928904D4EF4.job"
- c:\docume~1\owner~1.wil\applic~1\sectba~1\1idlepart.exe
"2008-06-29 18:18:00 C:\WINDOWS\Tasks\McAfee.com Update Check (WILLIAM-JK4BNNB-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-06-14 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exep/task:
"2007-11-11 19:19:11 C:\WINDOWS\Tasks\WebReg Deskjet D1400 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 11:04:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmandrv]
"ImagePath"="\??\C:\WINDOWS\System32\lanmandrv.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sysrest.sys]
"ImagePath"="\??\C:\WINDOWS\system32\sysrest.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGaabxu.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mcwgvrkr.dll
.
Completion time: 2008-06-29 11:20:34
ComboFix-quarantined-files.txt 2008-06-29 18:20:16

Pre-Run: 2,922,786,816 bytes free
Post-Run: 2,819,260,416 bytes free

564 --- E O F --- 2008-06-22 18:48:47


And here is the one from Smitfraud

SmitFraudFix v2.328

Scan done at 10:21:11.73, Sun 06/29/2008
Run from C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
1.1.1.1 f-secure.com
1.1.1.1 www.f-secure.com
1.1.1.1 ftp.f-secure.com
1.1.1.1 ftp.sophos.com
1.1.1.1 liveupdate.symantec.com
1.1.1.1 customer.symantec.com
1.1.1.1 dispatch.mcafee.com
1.1.1.1 download.mcafee.com
1.1.1.1 rads.mcafee.com
1.1.1.1 mast.mcafee.com
1.1.1.1 my-etrust.com
1.1.1.1 www.my-etrust.com
1.1.1.1 nai.com
1.1.1.1 www.nai.com
1.1.1.1 networkassociates.com
1.1.1.1 secure.nai.com
1.1.1.1 securityresponse.symantec.com
1.1.1.1 service1.symantec.com
1.1.1.1 sophos.com
1.1.1.1 www.sophos.com
1.1.1.1 symantec.com
1.1.1.1 www.symantec.com
1.1.1.1 update.symantec.com
1.1.1.1 updates.symantec.com
1.1.1.1 us.mcafee.com
1.1.1.1 vil.nai.com
1.1.1.1 viruslist.com
1.1.1.1 www.viruslist.com
1.1.1.1 grisoft.com
1.1.1.1 www.grisoft.com
1.1.1.1 free.grisoft.com
1.1.1.1 trendmicro.com
1.1.1.1 housecall.trendmicro.com
1.1.1.1 www.trendmicro.com
1.1.1.1 usa.kaspersky.com
1.1.1.1 zonelabs.com
1.1.1.1 www.zonelabs.com
1.1.1.1 bitdefender.com
1.1.1.1 www.bitdefender.com
1.1.1.1 download.bitdefender.com
1.1.1.1 upgrade.bitdefender.com
1.1.1.1 merijn.org
1.1.1.1 www.merijn.org
1.1.1.1 sysinternals.com
1.1.1.1 www.sysinternals.com
1.1.1.1 onguardonline.gov
1.1.1.1 www.onguardonline.gov
1.1.1.1 avast.com
1.1.1.1 www.avast.com
1.1.1.1 safety.live.com
1.1.1.1 www.paretologic.com
1.1.1.1 paretologic.com
1.1.1.1 virusscan.jotti.org
1.1.1.1 services.google.com
1.1.1.1 www.webroot.com
1.1.1.1 webroot.com
1.1.1.1 yandao.com
1.1.1.1 www.yandao.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\Documents and Settings\Owner.WILLIAM-JK4BNNB\Application Data\Install.dat Deleted
C:\DOCUME~1\OWNER~1.WIL\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\OWNER~1.WIL\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\OWNER~1.WIL\FAVORI~1\Online Security Test.url Deleted
C:\DOCUME~1\OWNER~1.WIL\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\OWNER~1.WIL\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\OWNER~1.WIL\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\antiviirus.exe Deleted
C:\Program Files\tmp???????.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\system32\689371\689371.dll deleted.
C:\WINDOWS\system32\689371\ deleted.


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.131 85.255.112.112
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.131 85.255.112.112
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.116.131 85.255.112.112


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Post Edited (Notwithit) : 29-06-2008 23:39:53 GMT

 

 

Please download Malwarebytes' Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

 

 

 

 to your desktop.

 

Double-click mbam-setup.exe and follow the prompts to install the program.

                     

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.

                     

If an update is found, it will download and install the latest version.

                     

Once the program has loaded, select Perform full scan, then click Scan.

                     

When the scan is complete, click OK, then Show Results to view the results.

 

Be sure that everything is checked, and click Remove Selected.

 

When completed, a log will open in Notepad. Please save it to a convenient location.

 

Copy and Paste that log into your next reply, along with Report.txt from SDFix folder.

 

 

 

Post new combofix as well

 

 

---

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

 

 

 

• trojan.gen
• trojan-xiphoman

• mediaplace
• whenu
• bho_sep
• internet speed monitor
• hotbar/zango
• wild media - minigolf
• wildmedia
• websearch toolbar
• winsecuredisk
• seekerbar hijack
• 180search assistant/zango
• delfin
• keenvalue/perfectnav
• browseraid
• directrevenue-abetterinternet
• scbar
• topicks
• bookedspace
• ie driver
• relatedlinks bho