IE6 Redirected from Google & Yahoo Search Results [RESOLVED]
bob_led
post Oct 6 2008, 10:51 AM
Post #1
New Member
Posts: 9
OS: Windows 2000

My browser is redirected when a search result link is selected from Yahoo or Google.

I've tried to work through the fix process listed in many similar links (ComboFix etc.) without success. At one point I thought I had the problem fixed and was attempting to download Microsoft Update, but it terminated with Error number: 0x800706D3, and the browser redirection problem reoccurred.

It's time to work with an expert to get the virus removed permanently! Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:40 AM, on 10/5/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\HEWLET~2\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ocs.orst.edu/pub/weather/data/g...ont/current.gif
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {232A2A9E-83B8-1C85-5F13-041A474CFA51} - C:\Program Files\aprmcoc\UiDb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for àÞÆ6™`c: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223084137060
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223084523386
O17 - HKLM\System\CCS\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F66438EC-2A21-46B0-A445-8084B38AD4F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

--
End of file - 6290 bytes

emeraldnzl
post Oct 8 2008, 07:18 PM
Post #2
Trusted Helper
Posts: 2,342
OS: XP Pro

Hello bob_led,

Welcome to Geekstogo.

QUOTE
I've tried to work through the fix process listed in many similiar links ComboFix etc. without success.


Not sure whether that means you have run ComboFix. In any event, let's make that our start position.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix.

Included in the tutorial are instructions for the installation of a recovery program if you don't already have it - Windows XP Recovery Console.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

When you reboot your computer after installation, you will see the additional option for the Recovery Console present. Don't select Recovery Console as we don't need it. It is only there for emergency recovery use. By default, your main OS is selected here. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Once you have completed installation of the Recovery Console:

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
bob_led
post Oct 9 2008, 09:40 AM
Post #3
New Member
Posts: 9
OS: Windows 2000

It looks like I've got some type of OS corruption, when I attempt to download ComboFix I get - Error-Win32only "Incompatible OS. Combofix only works for windows 2000 and XP"

I have run ComboFix in the past successfully and uninstalled it from the system.

My system properties are showing: Microsoft Windows 2000
5.00.2195
Service Pack 4
emeraldnzl
post Oct 9 2008, 05:25 PM
Post #4
Trusted Helper
Posts: 2,342
OS: XP Pro

Hello again bob_led,

Well, there are more ways than one to skin a cat... hmm, I hope that statement is not too politically incorrect.

Okay, let's take another approach.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {232A2A9E-83B8-1C85-5F13-041A474CFA51} - C:\Program Files\aprmcoc\UiDb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Next

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :processes
    explorer.exe
    :files
    C:\Program Files\aprmcoc
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-----Step 3-----

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Lastly in this post

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So when you return please post
  • OTMoveIt3 report
  • MBAM log
  • RSIT logs - log.txt and info.txt

Note: It is likely the reports will not fit on one post. Just use as many posts as you need, that's fine.


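The HijackThis entries emeraldnzl singles out above (an unnamed BHO in an odd folder, and a BHO whose DLL is missing) are the kind of signal a helper scans a log for first. The script below is an added example, not code from the thread or from HijackThis: it parses the O2, O4 and O17 line formats seen in the log and flags a no-name BHO, a BHO with a missing file, an autostart launched from a temp or profile folder, and a NameServer outside the trusted set. The sample lines are copied from the thread plus two constructed ones (a documentation-range NameServer and a temp-folder autostart) to exercise the checks; TRUSTED_DNS holds the router address from the thread.

```python
"""Triage helper for HijackThis 2.x log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Set

# Line shapes HijackThis 2.x uses for the sections handled here.
_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
_O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\\S+): NameServer = (?P<servers>[\d.,]+)$")
_O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")
# Pulls the executable out of an O4 command, quoted or not, dropping any arguments.
_EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)

# Autostarts living under these prefixes deserve a look; legitimate software rarely runs from here.
SUSPECT_AUTOSTART_PREFIXES = ("c:\\windows\\temp", "c:\\temp", "c:\\documents and settings")

# The LAN router from the thread's O17 lines. An ISP resolver would be added here too.
TRUSTED_DNS: Set[str] = {"192.168.0.1"}

# Constructed sample: real lines from the thread plus one constructed O17 (RFC 5737
# documentation address) and one constructed O4 autostart from the temp folder.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {232A2A9E-83B8-1C85-5F13-041A474CFA51} - C:\Program Files\aprmcoc\UiDb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [updater] C:\WINDOWS\TEMP\svc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 203.0.113.5
"""


@dataclass
class Finding:
    line: str    # the log line that triggered the finding
    reason: str  # why a helper would want to look at it


def triage(log_text: str, trusted_dns: Set[str]) -> List[Finding]:
    """Scan HijackThis log text and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _O2_RE.match(line):
            # A BHO with no registered name loads into every IE process; an unnamed one
            # in a randomly named folder is the classic redirector signature.
            if m.group("name") == "(no name)":
                findings.append(Finding(line, "BHO has no name; inspect the DLL and its folder"))
            # A registered BHO whose DLL is gone is an orphan: harmless, but fix it to tidy up.
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding(line, "BHO registered but DLL missing; orphaned entry"))
        elif m := _O4_RE.match(line):
            exe_match = _EXE_RE.match(m.group("cmd"))
            exe = exe_match.group("exe") if exe_match else m.group("cmd")
            if exe.lower().startswith(SUSPECT_AUTOSTART_PREFIXES):
                findings.append(Finding(line, f"autostart runs from a temp or profile folder: {exe}"))
        elif m := _O17_RE.match(line):
            # A changed NameServer redirects every lookup, search results included,
            # without touching the browser at all.
            for server in m.group("servers").split(","):
                if server not in trusted_dns:
                    findings.append(Finding(line, f"NameServer {server} is not a trusted resolver"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, TRUSTED_DNS):
        print(f"{f.reason}\n    {f.line}")
```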
bob_led
post Oct 9 2008, 07:12 PM
Post #5
New Member
Posts: 9
OS: Windows 2000

OTMoveIT3 Log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\aprmcoc moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10092008_173645


Mbam Log:

Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.0.2195 Service Pack 4

10/9/2008 5:57:12 PM
mbam-log-2008-10-09 (17-57-12).txt

Scan type: Quick Scan
Objects scanned: 45377
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




RSIT info.txt -

info.txt logfile of random's system information tool 1.04 2008-10-09 18:05:20

======Uninstall list======

-->MsiExec.exe /X{48FCCE4F-9D37-41BA-92C1-17BF5CFAA347}
ACDSee-->C:\PROGRA~1\HEWLET~2\PHOTOS~1\ACDSYS\ACD\ACDSEE\UNWISE.EXE C:\PROGRA~1\HEWLET~2\PHOTOS~1\ACDSYS\ACD\ACDSEE\INSTALL.LOG
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat Reader 3.0-->C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AFPL Ghostscript 8.11-->C:\gs\uninstgs.exe "C:\gs\gs8.11\uninstal.txt"
AFPL Ghostscript Fonts-->C:\gs\uninstgs.exe "C:\gs\fonts\uninstal.txt"
AT&T WorldNet Setup 2.0-->C:\PROGRA~1\WORLDNET\wnun20.exe C:\PROGRA~1\WORLDNET
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll"
Citrix ICA Web Client (Minimal Installation)-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficac.inf,DefaultUninstall
Citrix ICA Web Client-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Daily Interest Calculator v3.1-->"C:\Program Files\Daily Interest Calculator v3.1\unins000.exe"
Disney's Extremely Goofy Skateboarding-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD3F5BF0-ADC8-4143-9859-1062CEB04413}\setup.exe" -l0x9 Disney's Extremely Goofy Skateboarding
EA.COM -->C:\PROGRA~1\EACOM\UPDATE\UNWISE.EXE C:\PROGRA~1\EACOM\UPDATE\INSTALL.LOG
Easy Internet Access-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Encompass\UNINST.ISU" -c"C:\Program Files\Encompass\ENCUINST.DLL"
EnterNet 300-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Efficient Networks\EnterNet 300\Uninst.isu" -c"C:\Program Files\Efficient Networks\EnterNet 300\NTSUninstall.dll"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GSview 4.4-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP DeskJet 895C Series (Remove only)-->C:\Program Files\HP DeskJet 895C Series\hpfiui.exe -c -vdivid=HPF -vpnum=15 -vproduct=895C -huninstall
hp officejet v series-->C:\WINDOWS\System32\hpocon09.exe /u 1050051077 /d "hp officejet v series"
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Printer Scanner Copier Enhancer-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard Company\Pavilion\Enhancers\HP Printer Scanner Copier\Uninst.isu"
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
Iomega HotBurn Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CCB1507A-AAEA-4778-AC4B-DD5EAB1A961E}\Setup.exe" -l0x9 UNINSTALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3CB41017-F5CA-4C56-934C-ED02156251E6}
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jungle Games-->C:\Disney\Jungle\uninstal.exe
KODAK Picture CD Volume 4 Issue 3 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C23837C-993E-11D4-9DE0-0060085C158A}\SETUP.EXE"
LogViewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5090856-6E87-4AE1-B6FE-DD4149CB097A}\Setup.exe" -l0x9
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Message Creator-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Message Creator\Uninst.isu"
Microsoft Creative Writer 2-->C:\Program Files\Microsoft Kids\Common Files\Setup\setup.exe /L MsCrWrU.lst /W MsCrWrU.stf
Microsoft Encarta 98 Encyclopedia-->RunDll32 C:\PROGRA~1\MICROS~2\ENCART~1\UNENC98.DLL,Uninstall C:\PROGRA~1\MICROS~2\ENCART~1\SETUP98\INST98.LOG
Microsoft Money 98-->C:\Program Files\Microsoft Money\setup\setup.exe
Microsoft Office 2000 SR-1 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Converter Pack-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\convpack.isu
Microsoft PhotoDraw 2000 V2-->MsiExec.exe /I{3C5EA394-1033-11D2-A2CB-00C04F72F31D}
Microsoft Picture It! 2.0-->C:\Program Files\Microsoft Picture It!\Setup\setup.exe
Microsoft Picture It! Express 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9-->C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft Project 2000-->MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Microsoft Visio 2000-->MSIExec.exe /I {DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MSN Encarta Plus Support Files-->MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
One-touch Multimedia Keyboard-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediascape\One-touch Multimedia Keyboard\Uninst.isu"
OTOY-->RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Outlook Express Q837009-->C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q837009.inf
Quicken Basic 98-->C:\WINDOWS\uninst.exe -fC:\QUICKENW\DeIsL2.isu
RealPlayer 4.0-->c:\windows\rauninst.exe Software\Progressive Networks\RealAudio Player\4.0
Rescue Heroes™ Lava Landslide-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RHLavaUn.exe
Shockwave-->C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\INSTALL.LOG
UDA BuildingBasics-->C:\PROGRA~1\UDABAS~1\UNWISE.EXE C:\PROGRA~1\UDABAS~1\INSTALL.LOG
Uninstall TONKA Monster Trucks-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\TONKA Monster Trucks\Uninst.isu"
USBControl-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96CA8A04-8BF2-11D5-959B-0060083C5CB8}\Setup.exe"
Video Phone with Intel ProShare® Technology-->C:\PROGRA~1\INTEL\VIDEOP~1\SETUP.EXE -fC:\PROGRA~1\INTEL\VIDEOP~1\UNINST.INS
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows 2000 Hotfix - KB819696-->C:\WINDOWS\$NtUninstallKB819696$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB823980-->C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB826232-->C:\WINDOWS\$NtUninstallKB826232$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB828028-->C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB828749-->C:\WINDOWS\$NtUninstallKB828749$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB839643-->C:\WINDOWS\$NtUninstallKB839643$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB899588-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952954-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows 2000 Service Pack 4-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows Blaster Worm Removal Tool (KB833330)-->C:\WINDOWS\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Media Player Hotfix [See Q828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->C:\PROGRA~1\WINDOW~3\setup_wm.exe /Uninstall
Yahoo! Toolbar-->rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui

=====HijackThis Backups=====

O2 - BHO: (no name) - {232A2A9E-83B8-1C85-5F13-041A474CFA51} - C:\Program Files\aprmcoc\UiDb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (file missing)

======Environment variables======

"BLASTER"=A220 I7 D1 T2
"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%SYSTEMROOT%\COMMAND
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 5 Stepping 1, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0501
"PROMPT"=$p$g
"SNDSCAPE"=C:\WINDOWS
"TEMP"=C:\windows\TEMP
"TMP"=c:\windows\TEMP
"winbootdir"=C:\WINDOWS
"windir"=C:\WINDOWS

-----------------EOF-----------------
bob_led
post Oct 9 2008, 07:15 PM
Post #6
New Member
Posts: 9
OS: Windows 2000

RSIT log.txt -

Logfile of random's system information tool 1.04 (written by random/random)
Run by Robert Ledendecker at 2008-10-09 18:05:10
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 796 MB (10%) free of 8 GB
Total RAM: 192 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:13 PM, on 10/9/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\HEWLET~2\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Robert Ledendecker\Desktop\RSIT.exe
C:\Program Files\trend micro\HijackThis\Robert Ledendecker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ocs.orst.edu/pub/weather/data/g...ont/current.gif
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MI1933~1\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for àÞÆ6™`c: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223084137060
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223084523386
O17 - HKLM\System\CCS\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F66438EC-2A21-46B0-A445-8084B38AD4F4}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe

--
End of file - 6147 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\RegFixPro Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BillMinder"=C:\QUICKENW\BILLMIND.EXE [1997-09-30 25600]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2001-12-17 483394]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344]
"Drag'n'Drop_Autolaunch"=C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe [2002-10-15 86016]
"CXMon"=C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2002-03-05 45056]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-12-18 278528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2005-06-14 6856704]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-07 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
HPAiODevice(hp officejet v series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe

C:\Documents and Settings\Robert Ledendecker\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-10-09 17:38:26 ----A---- C:\moveit.txt
2008-10-09 17:36:45 ----D---- C:\_OTMoveIt
2008-10-09 08:28:15 ----A---- C:\Bug.txt
2008-10-09 08:28:13 ----A---- C:\WINDOWS\system32\cmd.execf
2008-10-09 08:27:56 ----D---- C:\32788R22FWJFW
2008-10-06 13:20:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 13:18:50 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-04 11:02:58 ----D---- C:\WINDOWS\temp
2008-10-04 11:02:55 ----A---- C:\ComboFix.txt
2008-10-04 11:00:26 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-10-04 10:04:39 ----A---- C:\Combo-Fix.exe
2008-10-04 09:42:03 ----A---- C:\ATF-Cleaner.exe
2008-10-04 09:09:44 ----A---- C:\redirect.txt
2008-10-03 19:28:11 ----A---- C:\WINDOWS\system32\vbajet32.dll
2008-10-03 19:28:10 ----A---- C:\WINDOWS\system32\mswstr10.dll
2008-10-03 19:28:09 ----A---- C:\WINDOWS\system32\mswdat10.dll
2008-10-03 19:28:09 ----A---- C:\WINDOWS\system32\msrd3x40.dll
2008-10-03 19:28:09 ----A---- C:\WINDOWS\system32\msrd2x40.dll
2008-10-03 19:28:08 ----A---- C:\WINDOWS\system32\msltus40.dll
2008-10-03 19:28:08 ----A---- C:\WINDOWS\system32\msjter40.dll
2008-10-03 19:28:08 ----A---- C:\WINDOWS\system32\msjint40.dll
2008-10-03 19:28:08 ----A---- C:\WINDOWS\system32\msexch40.dll
2008-10-03 19:28:07 ----A---- C:\WINDOWS\system32\expsrv.dll
2008-10-03 19:28:07 ----A---- C:\WINDOWS\system32\CRYPTDLG.DLL
2008-10-03 18:32:56 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-03 18:32:56 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-03 18:32:55 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-03 18:32:55 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-03 18:32:55 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-03 18:32:54 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-03 18:32:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-03 18:32:12 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-03 17:28:22 ----A---- C:\SDFix.exe
2008-10-03 16:11:47 ----D---- C:\WINDOWS\erdnt
2008-10-03 16:11:26 ----D---- C:\QooBox
2008-10-03 16:11:17 ----A---- C:\WINDOWS\zip.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\VFind.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\swxcacls.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\SWSC.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\SWREG.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\sed.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\Nircmd.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\grep.exe
2008-10-03 16:11:17 ----A---- C:\WINDOWS\fdsv.exe
2008-10-03 16:05:52 ----D---- C:\Program Files\trend micro
2008-10-03 16:05:49 ----D---- C:\rsit
2008-10-03 13:31:41 ----D---- C:\Documents and Settings\Robert Ledendecker\Application Data\RegFixPro
2008-10-03 09:51:40 ----A---- C:\WINDOWS\wininit.ini
2008-10-02 18:19:38 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-02 18:01:42 ----A---- C:\WINDOWS\ieuninst.exe
2008-10-02 17:51:11 ----D---- C:\392b5f122338dd36f484
2008-10-02 16:01:50 ----D---- C:\fixwareout
2008-09-29 15:05:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-27 15:58:12 ----D---- C:\Documents and Settings\All Users\Application Data\gfcdkpsh

======List of files/folders modified in the last 1 months======

2008-10-04 11:00:40 ----A---- C:\WINDOWS\system.ini
2008-10-03 16:17:20 ----A---- C:\WINDOWS\SCHEDLOG.TXT
2008-10-03 12:49:36 ----A---- C:\WINDOWS\Active Setup Log.txt
2008-10-03 10:22:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-03 07:58:10 ----A---- C:\WINDOWS\disney.ini
2008-10-02 19:05:16 ----A---- C:\WINDOWS\Active Setup Log.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\system32\drivers\Cdr4_2K.sys [2003-09-18 58000]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-09-18 23420]
R3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver; C:\WINDOWS\System32\DRIVERS\aehcd.sys [2002-11-07 42512]
R3 atirage3;atirage3; C:\WINDOWS\System32\DRIVERS\atimpab.sys [1999-11-10 71632]
R3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver; C:\WINDOWS\System32\DRIVERS\ausbd.sys [2002-11-07 23056]
R3 Ausbflt;Ausbflt; C:\WINDOWS\System32\Drivers\Ausbflt.sys [2001-12-08 6353]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\DLKRTS.SYS [2000-07-17 29820]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [1999-11-06 44528]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [1999-10-23 413712]
R3 openhci;Microsoft USB Open Host Controller Driver; C:\WINDOWS\System32\DRIVERS\openhci.sys [2003-06-19 24784]
R3 uhcd;Microsoft USB Universal Host Controller Driver; C:\WINDOWS\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2001-10-08 15264]
S3 Dot4Print;Print Class Driver for IEEE-1284.4 hpoipr07; C:\WINDOWS\System32\DRIVERS\hpoipr07.sys [2002-04-25 16016]
S3 ENIMSR;ENIMSR; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\ENIMSR.SYS []
S3 hpoid407;IEEE-1284.4 Driver hpoid407; C:\WINDOWS\System32\DRIVERS\hpoid407.sys [2002-04-25 50480]
S3 hpoius07;USB to IEEE-1284.4 Translation Driver hpoius07; C:\WINDOWS\System32\DRIVERS\hpoius07.sys [2002-04-25 18960]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2001-10-16 13952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-05-01 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2001-10-08 86016]
S3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\System32\DRIVERS\NtApm.sys [1999-09-25 9104]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver; C:\WINDOWS\System32\DRIVERS\ntspppoe.sys [2001-08-03 159552]
S3 NTSTAP1;NTSTAP1; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\NTSTAP1.SYS []
S3 RAWESR;RAWESR; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2001-10-16 10368]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2001-10-16 14400]
S3 TAPBIND;TAPBIND; \??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2001-10-08 18208]
S4 ACPI;ACPI; C:\WINDOWS\system32\drivers\ACPI.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IISADMIN;IIS Admin Service; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2003-06-19 14608]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
R2 PPPoEService;PPPoE Service; C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [2000-07-11 49152]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [1999-12-07 25360]
R2 StiSvc;Still Image Service; C:\WINDOWS\system32\stisvc.exe [2003-06-19 61712]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-12-18 327680]
S2 MSFTPSVC;FTP Publishing Service; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2003-06-19 14608]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2003-06-19 14608]
S2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2003-06-19 14608]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-19 138168]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [1999-12-07 7952]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []

-----------------EOF-----------------
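The HijackThis O17 lines in the log above are the place to check when a browser is being redirected, since a hijacked DNS server is one common cause; here they point at 192.168.0.1, the local router. The following is an added triage script, not part of this thread or of any of the tools it mentions: it parses O17 and O23 lines in the format shown above, flags any NameServer outside the private and loopback ranges, and queues services listed with "Unknown owner" for manual review. The sample input copies four lines from the log and adds one constructed O17 line (GUID and the 203.0.113.5 documentation-range address are placeholders) to show what a flagged entry looks like.

```python
import ipaddress
import re

# First four lines are taken from the RSIT/HijackThis log in this thread;
# the last O17 line is CONSTRUCTED (placeholder GUID, 203.0.113.5 stands in
# for an external resolver) so the triage has something to flag.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{659DCE3E-FEBB-4F38-8F77-A92486109834}: NameServer = 192.168.0.1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-0000}: NameServer = 203.0.113.5,192.168.0.1
"""

O17_RE = re.compile(r"^O17 - (.+?): NameServer = (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# RFC 1918 private ranges plus loopback: a home router or the host itself.
# Deliberately not ipaddress.is_private, which also treats documentation
# ranges such as 203.0.113.0/24 as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_local_resolver(addr):
    """True if addr parses as an IP inside a private or loopback range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostnames or garbage are never treated as local
    return any(ip in net for net in LOCAL_NETS)


def triage(log_text):
    """Return (section, subject, reason) tuples worth a human's attention."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            key, servers = m.groups()
            for s in re.split(r"[,\s]+", servers.strip()):
                if s and not is_local_resolver(s):
                    findings.append(("O17", key, "external NameServer " + s))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.groups()
            # "Unknown owner" means no publisher info, not proof of malware;
            # it is a review-queue item, as with the PPPoE service here.
            if owner.strip().lower() == "unknown owner":
                findings.append(("O23", name, "no publisher info: " + path))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(section, subject, reason, sep=" | ")
```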
emeraldnzl
post Oct 9 2008, 08:11 PM
Post #7


Trusted Helper
Posts: 2,342
OS: XP Pro



Well, that RSIT log tells me that ComboFix downloaded and got on your computer alright but got interrupted by something, just as the error message said.

I wonder... it might be an infection that is doing this, and you do still have an infection there.

Let's try another approach with ComboFix.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


bob_led
post Oct 9 2008, 09:01 PM
Post #8


New Member
Posts: 9
OS: Windows 2000



OK, I downloaded ComboFix.exe from link 3 and saved it as Combo-Fix.exe on the desktop. When I click on the desktop icon it appears to be installing, but no Combo-Fix window appears; the process appears to terminate. I also tried to have my Task Manager window up, but it is also terminated when Combo-Fix.exe is run. I've never seen this before.
emeraldnzl
post Oct 9 2008, 09:28 PM
Post #9


Trusted Helper
Posts: 2,342
OS: XP Pro



Hmm... Let's see if you can do an online scan with Kaspersky.

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up; click Accept. This will allow it to install an ActiveX component and download its latest anti-virus database. (Note: it may take a couple of minutes.)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.

Copy and paste that information in your next post.
bob_led
post Oct 11 2008, 09:46 AM
Post #10


New Member
Posts: 9
OS: Windows 2000