Hi, I my computer was running really slow so i ran spybot and it came back saying im infected with virtumonde trojan. i clicked remove but they wont remove. I have used vundofix and fixed anything it found but the trojan was still not gone. I have ran virtumundobegone and still nothing. I dont know whats left to do. im running malwarebytes right now. Please help and thank you so much. i will post my hijackthislog. If you need any other logs please let me know. Here is the hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:15 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\8205df9ffac774969e61b38f516f1b94\update\update.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: (no name) - {0CCAA298-71AA-41A0-890E-B77781B246A0} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2F27219F-DF4C-481A-BF54-69A8737A6C51} - C:\WINDOWS\system32\efcDSMCu.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FD94C043-22AA-4B30-9FFF-C5B772A8BD79} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BMeb14a097] Rundll32.exe "C:\WINDOWS\system32\yfelrqsx.dll",s
O4 - HKLM\..\Run: [e827930b] rundll32.exe "C:\WINDOWS\system32\wjwpojfe.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab
O20 - AppInit_DLLs: qsimll.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8404 bytes

Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please uninstall Viewpoint from your computer...


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

i will post the combofix log and the hijackthislog!!

Here is the combofix log:

ComboFix 08-08-29.02 - Stu 2008-08-30 5:50:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.591 [GMT -7:00]
Running from: C:\Documents and Settings\Stu\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stu\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efjopwjw.ini
C:\WINDOWS\system32\MpXadcfe.ini2

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-29 19:24 . 2008-08-29 19:24 <DIR> d-------- C:\Program Files\CCleaner
2008-08-29 19:17 . 2008-08-29 19:17 <DIR> d-------- C:\Program Files\ERUNT
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-29 10:35 . 2008-08-29 10:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-29 09:32 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-29 09:31 . 2008-04-13 17:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-29 09:30 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-29 09:29 . 2008-04-13 17:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-29 09:29 . 2008-04-13 17:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-29 09:29 . 2008-04-13 17:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-29 09:29 . 2008-04-13 17:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-29 09:29 . 2008-04-13 17:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-29 09:29 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-08-29 09:28 . 2008-04-13 17:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-29 09:28 . 2008-04-13 17:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-29 09:26 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-29 08:18 . 2008-08-29 08:18 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Malwarebytes
2008-08-29 08:18 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 08:18 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 08:17 . 2008-08-29 08:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 08:17 . 2008-08-29 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 21:39 . 2008-08-24 21:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-22 21:13 . 2008-02-18 17:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-22 21:13 . 2008-08-22 21:13 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-08-22 20:22 . 2008-08-29 10:18 <DIR> d-------- C:\VundoFix Backups
2008-08-15 06:19 . 2008-08-23 22:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 06:19 . 2008-08-29 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 11:55 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 15:12 . 2008-08-12 15:12 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Media Player Classic
2008-08-11 19:01 . 2008-08-11 19:01 32,768 --a------ C:\WINDOWS\system32\geBqRhgH.dll.vir
2008-08-11 18:58 . 2008-08-14 00:59 <DIR> d-------- C:\Program Files\CalculatemPro
2008-08-10 07:12 . 2008-08-10 07:12 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-08-10 07:11 . 2008-08-10 07:11 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Microgaming
2008-08-09 18:29 . 2008-08-09 19:53 <DIR> d-------- C:\Program Files\e-texaspoker client
2008-08-09 18:16 . 2008-08-09 18:21 <DIR> d-------- C:\Poker
2008-08-01 17:24 . 2008-08-11 23:49 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-01 17:17 . 2008-08-01 17:17 <DIR> d-------- C:\Program Files\MagicISO
2008-08-01 02:56 . 2008-08-01 02:56 <DIR> d-------- C:\Program Files\IrfanView
2008-08-01 01:37 . 2008-08-01 01:37 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-07-31 12:49 . 2008-08-23 22:09 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-07-29 00:19 . 2008-07-31 01:56 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\SolSuite
2008-07-28 23:37 . 2008-07-28 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 23:34 . 2008-07-28 23:34 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\SpinTop
2008-07-28 23:34 . 2008-07-29 00:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 21:21 . 2008-07-28 21:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-28 00:23 . 2008-08-14 00:42 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\OpenOffice.org2
2008-07-28 00:21 . 2008-07-28 00:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-11 14:46 . 2008-08-24 21:38 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\uTorrent
2008-07-09 14:18 . 2008-07-09 14:25 158 --a------ C:\WINDOWS\LEXSTAT.INI
2008-07-09 14:17 . 2008-07-09 14:17 <DIR> d-------- C:\Lxk510
2008-07-09 14:17 . 2008-07-09 14:17 <DIR> d-------- C:\Documents and Settings\Stu\WINDOWS
2008-07-09 14:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-07 17:40 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-07 17:40 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-07 17:40 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-07 13:26 . 2008-07-07 13:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 13:13 . 2008-07-07 13:13 <DIR> d-------- C:\Program Files\Netflix
2008-07-07 12:55 . 2008-07-07 12:55 <DIR> d-------- C:\WINDOWS\nview
2008-07-07 12:55 . 2008-07-07 12:55 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-07-07 12:55 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-07 12:55 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-07 12:55 . 2008-08-30 05:57 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-07 12:55 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-07-07 12:55 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-07-07 12:55 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-07-07 12:55 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-07-07 12:55 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-30 02:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-10 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-10 01:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 11:34 --------- d-----w C:\Program Files\Folder Lock
2008-07-31 00:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-28 07:21 --------- d-----w C:\Program Files\Java
2008-07-11 21:44 --------- d-----w C:\Program Files\Azureus
2008-07-09 18:53 --------- d-----w C:\Program Files\Steam
2008-07-07 20:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-07 20:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-07 20:01 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-07 20:01 --------- d-----w C:\Program Files\Symantec
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qsimll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Steam\\steamapps\\coxor\\counter-strike\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2008-04-13 17:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59014844-d9b0-11dc-9acd-806d6172696f}]
\Shell\AutoRun\command - 82r9.cmd
\Shell\explore\Command - 82r9.cmd
\Shell\open\Command - 82r9.cmd

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0CCAA298-71AA-41A0-890E-B77781B246A0} - (no file)
BHO-{2F27219F-DF4C-481A-BF54-69A8737A6C51} - (no file)
BHO-{FD94C043-22AA-4B30-9FFF-C5B772A8BD79} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Stu\Application Data\Mozilla\Firefox\Profiles\05ii96jx.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
.
------- File Associations (Beta) -------
.
scrfile="%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 05:56:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-30 6:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 13:01:39

Pre-Run: 165,157,588,992 bytes free
Post-Run: 165,077,782,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

225 --- E O F --- 2008-08-29 17:45:19




And here is the hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:53 AM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab
O20 - AppInit_DLLs: qsimll.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7022 bytes

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O20 - AppInit_DLLs: qsimll.dll

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Manually find and delete this file C:\WINDOWS\system32\geBqRhgH.dll.vir




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
6. Click Scan
   Wait for the scan to finish
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
8. Copy and paste that log as a reply to this topic

NEXT


Please download RSIT by random/random and save it to your desktop.

• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

Please post these logs in your next reply.. Post each log in separate post..

1. ESET Online Scanner
2. RSIT log.txt
3. RSIT info.txt
4. Tell me about your computer behaviour now..

Here is the ESET online scanner log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3401 (20080829)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9c88e12244825449bee48338272d5ba1
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-31 02:50:24
# local_time=2008-08-31 07:50:24 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=445539
# found=1
# scan_time=4367
C:\Documents and Settings\Stu\My Documents\SetupCasino.exe a variant of Win32/PTCasino application (unable to clean - deleted) 00000000000000000000000000000000

Here is the RSIT log.txt:

Logfile of random's system information tool (written by random/random)
Run by Stu at 2008-08-31 07:51:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 158 GB (66%) free of 238 GB
Total RAM: 1022 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:03 AM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Stu\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Stu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0CCAA298-71AA-41A0-890E-B77781B246A0} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2F27219F-DF4C-481A-BF54-69A8737A6C51} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FD94C043-22AA-4B30-9FFF-C5B772A8BD79} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7389 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CCAA298-71AA-41A0-890E-B77781B246A0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-02-18 97960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F27219F-DF4C-481A-BF54-69A8737A6C51}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD94C043-22AA-4B30-9FFF-C5B772A8BD79}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-02-18 609424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2008-05-02 1630208]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\coxor\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\coxor\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59014844-d9b0-11dc-9acd-806d6172696f}]
shell\AutoRun\command - 82r9.cmd
shell\explore\command - 82r9.cmd
shell\open\command - 82r9.cmd


File associations

.scr - open - "%1" %*

List of files/folders created in the last three months

2008-08-31 07:51:56 ----D---- C:\rsit
2008-08-31 06:36:13 ----D---- C:\Program Files\EsetOnlineScanner
2008-08-31 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-30 06:05:31 ----SHD---- C:\RECYCLER
2008-08-30 06:01:45 ----A---- C:\ComboFix.txt
2008-08-30 05:49:53 ----A---- C:\Boot.bak
2008-08-30 05:49:43 ----D---- C:\cmdcons
2008-08-30 05:47:53 ----D---- C:\QooBox
2008-08-30 05:47:51 ----A---- C:\WINDOWS\zip.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\VFind.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\swxcacls.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\swsc.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\swreg.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\sed.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\Nircmd.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\grep.exe
2008-08-30 05:47:51 ----A---- C:\WINDOWS\fdsv.exe
2008-08-29 19:24:41 ----D---- C:\Program Files\CCleaner
2008-08-29 19:18:06 ----D---- C:\WINDOWS\ERDNT
2008-08-29 19:17:42 ----D---- C:\Program Files\ERUNT
2008-08-29 10:48:08 ----D---- C:\WINDOWS\Prefetch
2008-08-29 10:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-29 10:45:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-29 10:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-29 10:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-29 10:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-29 10:44:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-29 10:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-29 10:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-29 10:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-29 10:38:58 ----D---- C:\WINDOWS\system32\scripting
2008-08-29 10:38:57 ----D---- C:\WINDOWS\system32\en
2008-08-29 10:38:57 ----D---- C:\WINDOWS\l2schemas
2008-08-29 10:38:56 ----D---- C:\WINDOWS\system32\bits
2008-08-29 10:35:49 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-29 10:32:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-29 10:30:09 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-29 09:33:39 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-29 09:33:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-29 09:33:25 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-29 09:33:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-29 09:32:54 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-29 09:32:54 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-29 09:32:26 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-29 09:32:22 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-29 09:32:16 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-29 09:32:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-29 09:32:16 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-29 09:32:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-29 09:32:16 ----N---- C:\WINDOWS\slrundll.exe
2008-08-29 09:32:15 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-29 09:32:04 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-29 09:31:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-29 09:31:51 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-29 09:31:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-29 09:31:45 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-29 09:31:41 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-29 09:31:41 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-29 09:31:40 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-29 09:31:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-29 09:31:21 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-29 09:30:41 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-29 09:30:40 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-29 09:30:40 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-29 09:30:38 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-29 09:30:36 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-29 09:30:35 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-29 09:30:26 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-29 09:30:26 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-29 09:29:30 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-29 09:29:28 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-29 09:29:28 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-29 09:29:27 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-29 09:29:19 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-29 09:28:37 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-29 09:28:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-29 09:28:33 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-29 09:28:33 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-29 09:28:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-29 09:28:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-29 09:27:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-08-29 09:27:58 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-08-29 09:27:45 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-29 09:27:29 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-29 09:27:12 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-29 09:27:12 ----A---- C:\WINDOWS\003157_.tmp
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-29 09:27:06 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-29 09:26:55 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-29 09:26:50 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-29 09:26:50 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-29 09:26:49 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-29 09:26:42 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-29 09:26:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-29 09:26:25 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-29 09:26:24 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-29 09:26:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-29 09:26:21 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-08-29 09:26:19 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-29 09:26:17 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-29 09:26:17 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-29 09:26:16 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-29 09:26:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-29 08:18:12 ----D---- C:\Documents and Settings\Stu\Application Data\Malwarebytes
2008-08-29 08:17:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 08:17:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 21:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-24 21:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-24 21:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-24 21:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-24 21:50:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-24 21:49:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-24 21:39:53 ----D---- C:\Program Files\Trend Micro
2008-08-22 20:41:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-22 20:22:48 ----D---- C:\VundoFix Backups
2008-08-22 20:22:48 ----A---- C:\VundoFix.txt
2008-08-15 06:19:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-15 06:19:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 11:59:05 ----A---- C:\WINDOWS\system32\e3045775-.txt
2008-08-12 15:12:20 ----D---- C:\Documents and Settings\Stu\Application Data\Media Player Classic
2008-08-11 18:58:01 ----D---- C:\Program Files\CalculatemPro
2008-08-10 07:12:30 ----D---- C:\WINDOWS\system32\FlashAX
2008-08-10 07:11:35 ----D---- C:\Documents and Settings\Stu\Application Data\Microgaming
2008-08-09 18:29:47 ----D---- C:\Program Files\e-texaspoker client
2008-08-09 18:16:52 ----D---- C:\Poker
2008-08-01 17:24:48 ----D---- C:\Program Files\PeerGuardian2
2008-08-01 17:17:26 ----D---- C:\Program Files\MagicISO
2008-08-01 02:56:33 ----D---- C:\Program Files\IrfanView
2008-07-31 12:49:44 ----D---- C:\Program Files\Full Tilt Poker
2008-07-29 00:19:10 ----D---- C:\Documents and Settings\Stu\Application Data\SolSuite
2008-07-28 23:37:44 ----D---- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 23:34:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 23:34:02 ----D---- C:\Documents and Settings\Stu\Application Data\SpinTop
2008-07-28 21:21:44 ----D---- C:\Program Files\Apple Software Update
2008-07-28 21:21:41 ----SHD---- C:\Config.Msi
2008-07-28 00:23:33 ----D---- C:\Documents and Settings\Stu\Application Data\OpenOffice.org2
2008-07-28 00:21:19 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-07-28 00:21:06 ----A---- C:\WINDOWS\system32\javaws.exe
2008-07-28 00:21:06 ----A---- C:\WINDOWS\system32\javaw.exe
2008-07-28 00:21:06 ----A---- C:\WINDOWS\system32\java.exe
2008-07-26 21:56:38 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
2008-07-11 14:46:33 ----D---- C:\Documents and Settings\Stu\Application Data\uTorrent
2008-07-09 14:18:07 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-07-09 14:17:32 ----A---- C:\WINDOWS\uninst.exe
2008-07-09 14:17:24 ----D---- C:\Lxk510
2008-07-09 01:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-07-08 03:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-07-08 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-07-08 03:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-07-08 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-07-08 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-07-08 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-07-07 13:13:02 ----D---- C:\Program Files\Netflix
2008-07-07 12:55:51 ----D---- C:\WINDOWS\nvidia icons
2008-07-07 12:55:38 ----D---- C:\WINDOWS\nview
2008-07-07 12:55:38 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-07-07 12:55:22 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-07-07 12:50:18 ----A---- C:\WINDOWS\NetwkCfg.txt
2008-07-07 12:44:21 ----A---- C:\wizard.txt

List of drivers

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\system32\System32\Drivers\SYMTDI.SYS []
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-03-31 180736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080829.005\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080829.005\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SYMDNS;SYMDNS; C:\WINDOWS\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\WINDOWS\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20080829.001\SymIDSCo.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\system32\System32\Drivers\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\system32\System32\Drivers\SYMREDRV.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 afpqien2;afpqien2; C:\WINDOWS\system32\drivers\afpqien2.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\McrdSvc.exe [2005-10-20 96256]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-04 504104]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-04-27 1251720]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-21 654848]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Here is the RSIT info.txt:

info.txt logfile of random's system information tool 2008-08-31 07:52:06

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{D7A53E41-3F32-4A44-989C-53DDEBB2130C}
Adobe Fireworks CS3-->C:\Program Files\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3-->MsiExec.exe /I{E16110F7-1C85-4675-99F4-7938F832C825}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{15C768E2-AB61-4DE3-952F-6B237A834951}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Anapod CopyGear (remove only)-->"C:\Program Files\Red Chair Software\Shared\anagear_uninst.exe"
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GearDrvs-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotwire Codec Bundle 1.0-->C:\Program Files\Hotwire Codec Bundle 1.0\uninstall.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Extender-->c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton 360 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_0_0_184\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
Norton 360 Help-->MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton 360-->MsiExec.exe /I{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}
Norton 360-->MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Norton 360-->MsiExec.exe /I{F413B69D-4AD6-42ab-AEA5-0548989FAD50}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Authentification Component-->MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SuppSoft-->MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
Symantec Technical Support Controls-->MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Security center information

AV: Norton 360
FW: Norton 360

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

The computer seems to be running great now. There isnt the 2 error messages about .dll anymore when i log on. Doesn't seem like its running as slow as it was. So it seems like we might have got it. so hopefully there isnt anymore left on here

Just a little bit more and then you should be good to go..


1. Please open Notepad

• Click Start, then Run
• Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

Here is the logs you wanted.

Here is the new hijackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:04 PM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0CCAA298-71AA-41A0-890E-B77781B246A0} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2F27219F-DF4C-481A-BF54-69A8737A6C51} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FD94C043-22AA-4B30-9FFF-C5B772A8BD79} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7348 bytes



Here is the combofix log:

ComboFix 08-08-29.02 - Stu 2008-08-31 15:57:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.635 [GMT -7:00]
Running from: C:\Documents and Settings\Stu\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stu\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-31 07:51 . 2008-08-31 07:52 <DIR> d-------- C:\rsit
2008-08-31 06:36 . 2008-08-31 07:50 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-29 19:24 . 2008-08-29 19:24 <DIR> d-------- C:\Program Files\CCleaner
2008-08-29 19:17 . 2008-08-29 19:17 <DIR> d-------- C:\Program Files\ERUNT
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-29 10:38 . 2008-08-29 10:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-29 10:35 . 2008-08-29 10:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-29 09:32 . 2004-08-03 22:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-08-29 09:31 . 2008-04-13 17:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-29 09:30 . 2008-04-13 17:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-29 09:29 . 2008-04-13 17:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-29 09:29 . 2008-04-13 17:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-29 09:29 . 2008-04-13 17:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-29 09:29 . 2008-04-13 17:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-29 09:29 . 2008-04-13 17:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-29 09:29 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-08-29 09:28 . 2008-04-13 17:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-08-29 09:28 . 2008-04-13 17:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-08-29 09:28 . 2008-04-13 17:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-08-29 09:26 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-29 08:18 . 2008-08-29 08:18 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Malwarebytes
2008-08-29 08:18 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 08:18 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 08:17 . 2008-08-29 08:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 08:17 . 2008-08-29 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-24 21:39 . 2008-08-24 21:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-22 21:13 . 2008-02-18 17:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-08-22 21:13 . 2008-08-22 21:13 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-08-22 20:22 . 2008-08-29 10:18 <DIR> d-------- C:\VundoFix Backups
2008-08-15 06:19 . 2008-08-23 22:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 06:19 . 2008-08-29 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-14 11:55 . 2008-04-11 12:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 15:12 . 2008-08-12 15:12 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Media Player Classic
2008-08-11 18:58 . 2008-08-14 00:59 <DIR> d-------- C:\Program Files\CalculatemPro
2008-08-10 07:12 . 2008-08-10 07:12 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-08-10 07:11 . 2008-08-10 07:11 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\Microgaming
2008-08-09 18:29 . 2008-08-09 19:53 <DIR> d-------- C:\Program Files\e-texaspoker client
2008-08-09 18:16 . 2008-08-09 18:21 <DIR> d-------- C:\Poker
2008-08-01 17:24 . 2008-08-11 23:49 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-01 17:17 . 2008-08-01 17:17 <DIR> d-------- C:\Program Files\MagicISO
2008-08-01 02:56 . 2008-08-01 02:56 <DIR> d-------- C:\Program Files\IrfanView
2008-08-01 01:37 . 2008-08-01 01:37 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-07-31 12:49 . 2008-08-23 22:09 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-07-29 00:19 . 2008-07-31 01:56 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\SolSuite
2008-07-28 23:37 . 2008-07-28 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 23:34 . 2008-07-28 23:34 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\SpinTop
2008-07-28 23:34 . 2008-07-29 00:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 21:21 . 2008-07-28 21:21 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-28 00:23 . 2008-08-14 00:42 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\OpenOffice.org2
2008-07-28 00:21 . 2008-07-28 00:21 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-11 14:46 . 2008-08-24 21:38 <DIR> d-------- C:\Documents and Settings\Stu\Application Data\uTorrent
2008-07-09 14:18 . 2008-07-09 14:25 158 --a------ C:\WINDOWS\LEXSTAT.INI
2008-07-09 14:17 . 2008-07-09 14:17 <DIR> d-------- C:\Lxk510
2008-07-09 14:17 . 2008-07-09 14:17 <DIR> d-------- C:\Documents and Settings\Stu\WINDOWS
2008-07-09 14:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-07-07 17:40 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-07 17:40 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-07 17:40 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-07 13:26 . 2008-07-07 13:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-07 13:13 . 2008-07-07 13:13 <DIR> d-------- C:\Program Files\Netflix
2008-07-07 12:55 . 2008-07-07 12:55 <DIR> d-------- C:\WINDOWS\nview
2008-07-07 12:55 . 2008-07-07 12:55 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-07-07 12:55 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-07 12:55 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-07 12:55 . 2008-08-31 15:53 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-07 12:55 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-07-07 12:55 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-07-07 12:55 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-07-07 12:55 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-07-07 12:55 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 22:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-31 13:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-30 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-10 01:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 11:34 --------- d-----w C:\Program Files\Folder Lock
2008-07-31 00:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-28 07:21 --------- d-----w C:\Program Files\Java
2008-07-11 21:44 --------- d-----w C:\Program Files\Azureus
2008-07-09 18:53 --------- d-----w C:\Program Files\Steam
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:01 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-07 20:01 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-07 20:01 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-07 20:01 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-07 20:01 --------- d-----w C:\Program Files\Symantec
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-30_ 6.01.19.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-07-27 22:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 22:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 03:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 20:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-03 01:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-03 01:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-06 20:17:40 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 18:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2004-12-07 18:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2008-08-31 14:54:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3ec.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Steam\\steamapps\\coxor\\counter-strike\\hl.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2008-04-13 17:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 16:01:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-08-31 16:02:12
ComboFix-quarantined-files.txt 2008-08-31 23:02:08
ComboFix2.txt 2008-08-30 13:01:45

Pre-Run: 165,177,683,968 bytes free
Post-Run: 165,166,305,280 bytes free

227 --- E O F --- 2008-08-31 10:00:39

i have a question. Do i usually want to select allow change or deny change using the spybot resident teatimer? I dont know if you can answer that question. Or should i even use the resident teatimer?

Lets disable your Spybot Tea-Timer and Ad-Aware 2007 during our fix.. Please re-enable them back when we finish our fix.. Visit below webpage if you do not know how..
http://wiki.castlecops.com/Malware_Removal...toring_Programs


Then do this..

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0CCAA298-71AA-41A0-890E-B77781B246A0} - (no file)
O2 - BHO: (no name) - {0CCAA298-71AA-41A0-890E-B77781B246A0} - (no file)
O2 - BHO: (no name) - {FD94C043-22AA-4B30-9FFF-C5B772A8BD79} - (no file)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.


Reboot your computer and run HijackThis again. Post me a fresh HijackThis log after above step

here is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:58 PM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2F27219F-DF4C-481A-BF54-69A8737A6C51} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.ocx
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/armhelper.ocx
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7159 bytes

Hi stu.. Your log looks good to me.. Fix below with HijackThis and then tell me how is your computer now?

O2 - BHO: (no name) - {2F27219F-DF4C-481A-BF54-69A8737A6C51} - (no file)

seems like it runs great. i haven't seen any problems lately. seems like its like it used to be. no error problems like before. Is it smart to use the spybot teatimer? if something pops up and u dont know what it is are u supposed to deny change right?