Computer Running Slow - Geeks to Go!

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

2 Pages

1 2 >

Computer Running Slow, IE running slow and redirected to spyware pages

Options

suddsy View Member Profile	May 15 2008, 05:50 PM Post #1
New Member Posts: 9 OS: xp	I have run adware and removed a number of spyware programs but problems are still occuring. Please find the hijackthis log below Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:16:52 PM, on 15/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\VentSrv\ventrilo_svc.exe C:\Program Files\VentSrv\ventrilo_srv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\Pat.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mdg.ca/ R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {67306587-84F9-4D52-8D36-1BA169233BE0} - C:\WINDOWS\system32\rqRKDvsS.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: {db7fb798-41f0-ee09-da84-14b9d8fd46ca} - {ac64df8d-9b41-48ad-90ee-0f14897bf7bd} - C:\WINDOWS\system32\iobysjeo.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe" O4 - HKLM\..\Run: [800eeeff] rundll32.exe "C:\WINDOWS\system32\pyablxhw.dll",b O4 - HKLM\..\Run: [BM833ddd63] Rundll32.exe "C:\WINDOWS\system32\lfonvixr.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe" O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - http://www.albatross18.com/season2/cabs/A18X.ocx O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Jimmy2012 View Member Profile	May 15 2008, 07:25 PM Post #2
GeekU Senior Posts: 915 From: Ohio, USA OS: Puppy linux, Windows XP	Hello suddsy, and welcome to Geeks to Go! . I'm currently reading over your log right now and I'll do my best to try to get your system clean. Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert.

Jimmy2012 View Member Profile	May 16 2008, 12:39 AM Post #3
GeekU Senior Posts: 915 From: Ohio, USA OS: Puppy linux, Windows XP	Hello suddsy, If you have any questions please feel free to ask. STEP 1 Please click start>control panel>add/remove programs. And remove the following program.(if present) Netcom3 Cleaner Please reopen HijackThis and click on Do a system scan only.And put a check next to the following entries. O2 - BHO: (no name) - {67306587-84F9-4D52-8D36-1BA169233BE0} - C:\WINDOWS\system32\rqRKDvsS.dll O2 - BHO: {db7fb798-41f0-ee09-da84-14b9d8fd46ca} - {ac64df8d-9b41-48ad-90ee-0f14897bf7bd} - C:\WINDOWS\system32\iobysjeo.dll O4 - HKLM\..\Run: [800eeeff] rundll32.exe "C:\WINDOWS\system32\pyablxhw.dll",b O4 - HKLM\..\Run: [BM833ddd63] Rundll32.exe "C:\WINDOWS\system32\lfonvixr.dll",s O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing) Once you have the checks in those entries please make sure all open windows are closed(keep HijackThis open) and click fix checked on HijackThis. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE C:\WINDOWS\system32\rqRKDvsS.dll C:\WINDOWS\system32\iobysjeo.dll C:\WINDOWS\system32\pyablxhw.dll C:\WINDOWS\system32\lfonvixr.dll C:\Program Files\Netcom3 Cleaner Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. STEP 2 Open HiJackThis Click on the "Config..." button on the bottom right Click on the tab "Misc Tools" click on "delete an NT service" Copy and paste this in: Netcom3 Click "ok", then reboot STEP 3 Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. ~~~~~~~~~~~ In your next reply please have these logs. The OTMoveIt2 log And the DSS main.txt and extra.txt

Jimmy2012 View Member Profile	May 16 2008, 04:56 PM Post #5
GeekU Senior Posts: 915 From: Ohio, USA OS: Puppy linux, Windows XP	Hello suddsy, STEP 1 We need to backup your registry: Please go to Start > Run Paste in the following line: regedit /e c:\registrybackup.reg Click OK. It won't appear to be doing anything, that's normal. Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass. Now we will need to make a .reg file.To do this please open up your notepad and copy the text below(in the code box) and paste it in your notepad.Make sure REGEDIT4 is the first thing there(no spaces before it) and make sure there is a blank line at the end of the file. CODE REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC21C19-54AA-449D-84B7-5AE713762FC1}] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 Save this file as fix.reg.Make sure you have the file type as All Files.Save this to your desktop.Then double click it and click yes to merge with your registry. STEP 2 Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE C:\WINDOWS\system32\chlytdum.dll C:\WINDOWS\system32\vdvmehpd.dll C:\WINDOWS\system32\gbrblwbh.dll C:\WINDOWS\system32\SsvDKRqr.ini2 C:\WINDOWS\system32\tuiwftpq.dll C:\WINDOWS\system32\darwxmlb.dll C:\WINDOWS\system32\bvnoerjp.dll C:\WINDOWS\system32\xubvnxjd.dll C:\WINDOWS\system32\aphjdono.dll C:\WINDOWS\system32\rqRKDvsS.dll Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. I see that you have a P2P(Peer to Peer) program on your computer.While the program it self may be safe the files you get can be illegal and can also have malware in them also.I recommend you remove this program.(if you do not want to remove the P2P program please skip these red instructions) Please click start>control panel>add/remove programs. And remove the following program(if present)Also remove any other P2P programs you may have. LimeWire Once you have done that please remove following folders(if present) C:\Program Files\LimeWire C:\Documents and Settings\Pat\Application Data\LimeWire STEP 3 Please rescan with DSS Click on Start, click on Run Copy and paste the following in bold in the open window and then click OK "%userprofile%\desktop\dss.exe" /config This will open up DSS configuration Click on Check All Click Scan DSS will now run again When finished, please post back both logs that open in notepad: main.txt and extra.txt ~~~~~~~~~~~~ In your next reply please have these logs. The OTMoveIt2 log And the DSS main.txt and extra.txt

suddsy

May 16 2008, 07:01 PM

Post #6

New Member

Posts: 9
OS: xp

OTmoveit log

DllUnregisterServer procedure not found in C:\WINDOWS\system32\chlytdum.dll
C:\WINDOWS\system32\chlytdum.dll NOT unregistered.
C:\WINDOWS\system32\chlytdum.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vdvmehpd.dll
C:\WINDOWS\system32\vdvmehpd.dll NOT unregistered.
C:\WINDOWS\system32\vdvmehpd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gbrblwbh.dll
C:\WINDOWS\system32\gbrblwbh.dll NOT unregistered.
C:\WINDOWS\system32\gbrblwbh.dll moved successfully.
C:\WINDOWS\system32\SsvDKRqr.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuiwftpq.dll
C:\WINDOWS\system32\tuiwftpq.dll NOT unregistered.
C:\WINDOWS\system32\tuiwftpq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\darwxmlb.dll
C:\WINDOWS\system32\darwxmlb.dll NOT unregistered.
C:\WINDOWS\system32\darwxmlb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bvnoerjp.dll
C:\WINDOWS\system32\bvnoerjp.dll NOT unregistered.
C:\WINDOWS\system32\bvnoerjp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xubvnxjd.dll
C:\WINDOWS\system32\xubvnxjd.dll NOT unregistered.
C:\WINDOWS\system32\xubvnxjd.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\aphjdono.dll
C:\WINDOWS\system32\aphjdono.dll NOT unregistered.
C:\WINDOWS\system32\aphjdono.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRKDvsS.dll
C:\WINDOWS\system32\rqRKDvsS.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqRKDvsS.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05162008_204841

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRKDvsS.dll
C:\WINDOWS\system32\rqRKDvsS.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqRKDvsS.dll scheduled to be moved on reboot.

main.txt

eckard's System Scanner v20071014.68
Run by Pat on 2008-05-16 20:54:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-05-17 00:54:55 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-05-16 03:21:28 UTC - RP13 - Last known good configuration
12: 2008-05-16 03:21:23 UTC - RP12 - Software Distribution Service 3.0
11: 2008-05-16 03:21:23 UTC - RP11 - Removed WinZip 11.1
10: 2008-05-16 03:21:22 UTC - RP10 - System Checkpoint

-- First Restore Point --
1: 2008-05-16 03:21:19 UTC - RP1 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Pat.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:31 PM, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Pat\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mdg.ca/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {844D7E65-E5EE-4D2D-BD40-53984C045782} - C:\WINDOWS\system32\rqRKDvsS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9134 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080513-192121-182 O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
backup-20080513-192122-226 O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
backup-20080513-192122-230 O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
backup-20080513-192122-244 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
backup-20080513-194250-106 O2 - BHO: (no name) - {6669BF07-492A-4C0A-9A5F-44914E6C3DEE} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080513-194254-548 O20 - Winlogon Notify: iifGyWPJ - iifGyWPJ.dll (file missing)
backup-20080513-194422-186 O2 - BHO: (no name) - {6669BF07-492A-4C0A-9A5F-44914E6C3DEE} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080513-194622-959 O2 - BHO: (no name) - {6669BF07-492A-4C0A-9A5F-44914E6C3DEE} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080513-194857-678 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080513-194857-874 O2 - BHO: (no name) - {6669BF07-492A-4C0A-9A5F-44914E6C3DEE} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080513-194905-298 O2 - BHO: (no name) - {8691F860-96E4-4FB3-8D35-531C0D1B0AC1} - (no file)
backup-20080516-104614-174 O2 - BHO: (no name) - {E3CEEADA-2EA3-48DA-B3FE-E046CAA6F6DF} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080516-104614-451 O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
backup-20080516-104614-465 O2 - BHO: {683c000b-3c78-a5eb-afd4-0430430552bf} - {fb255034-0340-4dfa-be5a-87c3b000c386} - C:\WINDOWS\system32\vdvmehpd.dll
backup-20080516-104614-553 O4 - HKLM\..\Run: [BM833ddd63] Rundll32.exe "C:\WINDOWS\system32\gbrblwbh.dll",s
backup-20080516-104614-948 O4 - HKLM\..\Run: [800eeeff] rundll32.exe "C:\WINDOWS\system32\chlytdum.dll",b
backup-20080516-105301-589 O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
backup-20080516-105301-951 O2 - BHO: (no name) - {3282B91F-376B-4602-9F16-A8119ECEEBAE} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080516-105547-294 O2 - BHO: (no name) - {3282B91F-376B-4602-9F16-A8119ECEEBAE} - C:\WINDOWS\system32\rqRKDvsS.dll
backup-20080516-105547-589 O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
backup-20080516-110828-924 O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regedit - DefaultIcon - unable to read value
.reg - regedit - shell\open\command - regedit.exe %1
.reg - regedit - shell\edit\command - unable to read value
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1868)
2008-05-13 20:17:58 373760 --a------ C:\WINDOWS\system32\rqRKDvsS.dll

-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 07:10:30 572 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Pat.job

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 20:50:53 829637 --ahs---- C:\WINDOWS\system32\SsvDKRqr.ini2
2008-05-16 20:03:57 76892498 --a------ C:\registrybackup.reg
2008-05-15 16:27:26 0 dr-h----- C:\Documents and Settings\Pat\Recent
2008-05-13 23:10:05 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-05-13 22:08:24 0 d-------- C:\Documents and Settings\Pat\Application Data\Yahoo!
2008-05-13 21:52:41 86016 --a------ C:\WINDOWS\system32\YPcservice.exe <Not Verified; Yahoo! Inc.; YPCService Module>
2008-05-13 21:52:41 131072 --a------ C:\WINDOWS\system32\ypclsp.dll <Not Verified; Yahoo! Inc.; Yahoo! YPCLSP>
2008-05-13 21:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-13 19:07:58 0 d-------- C:\Program Files\Trend Micro
2008-05-13 16:50:59 68096 --a------ C:\WINDOWS\zip.exe
2008-05-13 16:50:59 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-13 16:50:59 80412 --a------ C:\WINDOWS\grep.exe
2008-05-13 16:50:59 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-13 16:50:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-13 16:50:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-13 16:50:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-13 11:43:46 0 d-------- C:\VundoFix Backups
2008-05-12 09:36:21 373760 --a------ C:\WINDOWS\system32\rqRKDvsS.dll
2008-05-07 13:13:09 0 d-------- C:\Program Files\Avanquest update
2008-05-07 13:12:55 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-07 13:12:45 0 d-------- C:\Program Files\WinASPI
2008-05-07 13:12:10 11776 --a------ C:\WINDOWS\system32\LinkDLL.dll <Not Verified; Copyright DVDToMobile INC; LinkDll>
2008-05-07 13:12:10 32256 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-05-07 13:11:56 0 d-------- C:\Program Files\DVD2Pod
2008-05-07 13:11:55 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-03 13:25:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-03 13:25:10 22528 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-03 13:25:10 34304 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-03 13:25:05 0 d-------- C:\Program Files\iolo
2008-05-03 13:24:04 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-03 13:23:11 0 d-------- C:\Documents and Settings\Pat\Application Data\iolo
2008-05-03 13:23:11 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-04-21 16:22:35 0 d-------- C:\Program Files\Lavasoft
2008-04-21 16:22:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 00:14:20 0 d-------- C:\Program Files\iPod

-- Find3M Report ---------------------------------------------------------------

2008-05-16 20:33:40 0 d-------- C:\Documents and Settings\Pat\Application Data\LimeWire
2008-05-16 16:25:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-15 16:54:42 0 d-------- C:\Program Files\Symantec
2008-05-14 21:48:37 0 d-------- C:\Program Files\World of Warcraft
2008-05-13 22:08:50 0 d-------- C:\Program Files\Common Files
2008-05-13 21:52:41 0 d-------- C:\Program Files\Yahoo!
2008-05-13 19:18:58 0 d-------- C:\Program Files\Google
2008-05-08 15:46:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-07 13:13:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 16:59:03 0 d-------- C:\Documents and Settings\Pat\Application Data\OpenOffice.org2
2008-05-04 10:31:30 0 d-------- C:\Program Files\Microsoft Works
2008-04-21 16:22:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 00:27:27 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 00:14:41 0 d-------- C:\Program Files\iTunes
2008-04-20 00:12:35 0 d-------- C:\Program Files\QuickTime
2008-04-20 00:06:11 0 d-------- C:\Program Files\Safari
2008-04-17 14:41:13 0 d-------- C:\Documents and Settings\Pat\Application Data\Adobe
2008-04-05 13:05:50 0 d-------- C:\Documents and Settings\Pat\Application Data\Apple Computer
2008-03-30 11:20:41 0 d-------- C:\Program Files\QuickTax 2007
2008-03-26 22:44:55 0 d-------- C:\Documents and Settings\Pat\Application Data\FreeStone Group
2008-03-26 22:44:22 0 d-------- C:\Program Files\Video Card Stability Test
2008-03-24 23:27:26 0 d-------- C:\Program Files\Java
2008-03-20 03:00:45 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-18 21:44:06 0 d-------- C:\Program Files\Windows Live
2008-03-18 21:42:39 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{844D7E65-E5EE-4D2D-BD40-53984C045782}]
13/05/2008 08:17 PM 373760 --a------ C:\WINDOWS\system32\rqRKDvsS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [20/03/2003 03:05 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [12/01/2006 04:40 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [26/10/2007 03:42 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [27/08/2003 02:20 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [16/07/2002 09:21 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe" [06/05/2008 04:36 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 01:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [14/01/2007 03:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:00 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 AM]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [15/09/2006 02:27 PM]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [26/09/2007 03:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRKDvsS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2008-05-16 20:57:36 ------------

extra.txt file
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.60GHz
CPU 1: Intel® Pentium® 4 CPU 2.60GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1022.73 MiB / 598.54 MiB
Pagefile Memory (total/avail): 2464.21 MiB / 2068.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.54 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.05 GiB total, 63.8 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton Security Online v2007 (Symantec Corporation)
AV: Norton Security Online v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Pat\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWNER-E60F1FD86
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Pat
LOGONSERVER=\\OWNER-E60F1FD86
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Pat\LOCALS~1\Temp
TMP=C:\DOCUME~1\Pat\LOCALS~1\Temp
USERDOMAIN=OWNER-E60F1FD86
USERNAME=Pat
USERPROFILE=C:\Documents and Settings\Pat
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Pat (admin)

-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Empires III -->
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Any Video Converter 1.0 --> "C:\Program Files\Any Video Converter\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe" -l0x9 -removeonly
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Compel Adaptec WinASPI --> "C:\Program Files\WinASPI\unins000.exe"
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DVD2Pod --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A72D1D05-1145-4BDB-AC26-DA88AB4B7B65}\Setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HomeWorks --> MsiExec.exe /X{C698CB91-D535-46D0-851F-E6B6A9B6AE97}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iolo technologies' System Mechanic 7 --> "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LightScribe 1.4.44.1 -->
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2003 --> MsiExec.exe /I{0