Ran sdfix which removed many problems but it still seems infected. [So


This topic is locked

#1 mywoes (Member, 47 posts)
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:32 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Srccode\SDCService\SDCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\osm3of8s3njd.dll - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\WINDOWS\system32\osm3of8s3njd.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [u9bx9s1y3osa7grhhc4bwsmivjuodqhtp1dknflp0ludk3ze] C:\WINDOWS\TEMP\qxg75m0pog.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [qb9s40q8c4q8r8fe7z7lvhwcsbm0m9cnrloen71] C:\WINDOWS\TEMP\i1lfnofi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [u9bx9s1y3osa7grhhc4bwsmivjuodqhtp1dknflp0ludk3ze] C:\WINDOWS\TEMP\qxg75m0pog.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\docume~1\willia~1\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {0C528348-18DC-4ECE-819B-624E226028DA} (Frontier.Frontier_Launcher) - http://wsso.mmm.com/...am_launcher.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} (WebTransferCtrl Class) - http://legalwebdev.m...es/iManFile.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} (RequestX.SDC) - http://intra4.mmm.com/sdc/cabs/SDC.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161823591093
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://3msource.3m....acbvf6EstuImzy
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangoc...a8a8b93e75306fe
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://us-mail-16.mmm.com/dwa7W.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://3msource.3m....uniperSetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxnghhg - C:\WINDOWS\
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O20 - Winlogon Notify: fygrzqkn - fygrzqkn.dll (file missing)
O22 - SharedTaskScheduler: har78w3uhewf8yurhefd - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\WINDOWS\system32\osm3of8s3njd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Eraser Service (EraserSvc10824) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Download Center (SoftwareDownloadCenter) - 3M - C:\Srccode\SDCService\SDCService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 16955 bytes

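Triage heuristics over a log like the one above, as an added example (Python). This is not part of the original post and not HijackThis's own code; it mechanically applies the checks a helper applies by eye to the entry types that matter here: extra programs on the UserInit chain (F2), a BHO with no registered name (O2), autoruns in the SYSTEM/.DEFAULT hives that execute from a TEMP directory (O4), the broken Winsock LSP chain HijackThis reports (O10), Winlogon Notify handlers with no resolvable DLL (O20), and a SharedTaskScheduler CLSID that is also registered as a BHO (O22). The sample lines are copied from the posted log, with the R1, WinPatrol O4 and NVIDIA O23 lines kept as benign controls; the TEMP-directory markers and the stock userinit.exe path are the example's own assumptions for Windows XP.

```python
"""Triage heuristics for a Trend Micro HijackThis 2.x log.

Added example for this thread; not part of the original post and not
HijackThis's own code.
"""
import re

# Constructed sample: suspicious lines copied from the posted log plus a few
# benign ones (R1, the WinPatrol O4, the NVIDIA O23) that should not fire.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: C:\WINDOWS\system32\osm3of8s3njd.dll - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\WINDOWS\system32\osm3of8s3njd.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-18\..\Run: [u9bx9s1y3osa7grhhc4bwsmivjuodqhtp1dknflp0ludk3ze] C:\WINDOWS\TEMP\qxg75m0pog.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [qb9s40q8c4q8r8fe7z7lvhwcsbm0m9cnrloen71] C:\WINDOWS\TEMP\i1lfnofi.exe (User 'SYSTEM')
O10 - Broken Internet access because of LSP provider 'c:\docume~1\willia~1\locals~1\temp\ntdll64.dll' missing
O20 - Winlogon Notify: byxnghhg - C:\WINDOWS\
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O20 - Winlogon Notify: fygrzqkn - fygrzqkn.dll (file missing)
O22 - SharedTaskScheduler: har78w3uhewf8yurhefd - {C5AF42A3-94F3-42BD-F634-3604832C897D} - C:\WINDOWS\system32\osm3of8s3njd.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([RFO]\d+) - (.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumed XP defaults: the only program that belongs on the UserInit chain,
# and the directories a legitimate autorun has no business living in.
DEFAULT_USERINIT = "c:\\windows\\system32\\userinit.exe"
TEMP_MARKERS = ("\\windows\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\")
SYSTEM_HIVES = ("hkus\\s-1-5-18\\", "hkus\\.default\\")


def parse(log_text):
    """Return (section, body) pairs for every 'Rn/Fn/On - body' line; skip the rest."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def triage(log_text):
    """Return a list of (section, reason, line) for entries that need a closer look."""
    entries = parse(log_text)
    findings = []
    # CLSIDs registered as Browser Helper Objects, for the O22 cross-check.
    bho_guids = {g for sec, body in entries if sec == "O2" for g in GUID.findall(body)}
    for sec, body in entries:
        low = body.lower()
        if sec == "F2" and "userinit=" in low:
            # Winlogon runs every comma-separated program here at logon.
            progs = [p.strip() for p in low.split("userinit=", 1)[1].split(",")]
            extra = [p for p in progs if p and p != DEFAULT_USERINIT]
            if extra:
                findings.append((sec, "extra program(s) on the UserInit chain: " + ", ".join(extra), body))
        elif sec == "O2":
            # HijackThis prints the DLL path in the name field when the BHO has no name.
            name = body.split(" - ")[0]
            if name.startswith("BHO: "):
                name = name[5:]
            if name.lower().endswith(".dll"):
                findings.append((sec, "BHO with no registered name (name field is the DLL path)", body))
        elif sec == "O4":
            in_temp = any(t in low for t in TEMP_MARKERS)
            if in_temp and any(h in low for h in SYSTEM_HIVES):
                findings.append((sec, "SYSTEM/.DEFAULT hive autorun executing from a TEMP directory", body))
            elif in_temp:
                findings.append((sec, "autorun executing from a TEMP directory", body))
        elif sec == "O10":
            # A missing LSP explains the 'no internet' symptom; the Winsock
            # chain has to be repaired, not just the file deleted.
            where = "in a TEMP directory" if any(t in low for t in TEMP_MARKERS) else "elsewhere"
            findings.append((sec, "Winsock LSP chain broken by a missing provider " + where, body))
        elif sec == "O20":
            target = body.split(" - ", 1)[1] if " - " in body else ""
            if "(file missing)" in low or target.endswith("\\"):
                findings.append((sec, "Winlogon Notify handler with no resolvable DLL", body))
        elif sec == "O22":
            if set(GUID.findall(body)) & bho_guids:
                findings.append((sec, "SharedTaskScheduler CLSID is also registered as a BHO", body))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run as a script it prints nine findings for the sample: the ntos.exe entry on the UserInit chain, the unnamed BHO, the two SYSTEM-hive autoruns in C:\WINDOWS\TEMP, the missing LSP, the three dangling Winlogon Notify handlers, and the O22 entry that reuses the BHO's CLSID. The unnamed BHO's DLL, osm3of8s3njd.dll, is among the files ComboFix deletes later in this thread. These are heuristics, not verdicts: a legitimate but badly installed product can trip the O2 or O20 checks, so each hit still needs the file looked at.
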
#2 handhfan (Trusted Helper, 13,659 posts)
Hello, mywoes, and welcome to GeeksToGo!

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3 mywoes (Topic Starter, 47 posts)
I ran ComboFix. It went through a number of stages, and after stage 50 it rebooted the machine. It started up, but after I logged on only my desktop background showed up. The mouse was there, but no programs or Start menu. I also tried starting in safe mode, and it only gets to that desktop screen. The Task Manager works.

OK, I used the Task Manager to run Explorer. It started up, and a window popped up trying to finish the log report and said not to run other stuff. A bunch of other stuff started running, however, some of the same things that were causing me problems in the first place. One of the things it tries to do is load WordPerfect Office 12 with the Windows Installer. I am going to see if I can get a log of some sort, at least a HijackThis log. By the way, I have not been able to get this to connect to the internet since this began, so I am doing everything by downloading from a different computer, putting it on a memory stick, and transferring it to the infected computer.

OK, here are the logs:

Combofix:


ComboFix 09-02-19.01 - William Miller 2009-02-21 14:04:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2608 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\Readme.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\UACwpjyotqp.sys
c:\windows\system32\gscwun.dll
c:\windows\system32\init32.exe
c:\windows\system32\mfc45.dll
c:\windows\system32\mlJYsqpP.dll.vir
c:\windows\system32\osm3of8s3njd.dll
c:\windows\system32\PpqsYJlm.ini
c:\windows\system32\PpqsYJlm.ini2
c:\windows\system32\rofgobxu.dll
c:\windows\system32\UACepdoybky.dll
c:\windows\system32\UACjpuoomyi.dll
c:\windows\system32\UAClqjnqrpo.dll
c:\windows\system32\UACnmtopmec.dat
c:\windows\system32\UACnremilro.log
c:\windows\system32\UACurunvuna.log
c:\windows\system32\UACvaitxdwy.dll
c:\windows\system32\UACwsvyumpk.log
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
F:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_FREEZESCREENSAVER
-------\Legacy_icf
-------\Service_FreezeScreenSaver


((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 13:55 . 2009-02-21 13:56 <DIR> d-------- C:\32788R22FWJFW
2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:42 . 2009-02-17 14:42 81,920 --a------ C:\dykhyp.exe
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 14:41 . 2009-02-17 14:41 26,624 --a------ C:\pfkik.exe
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:59 . 2009-02-17 12:59 81,920 --a------ C:\cisq.exe
2009-02-17 12:59 . 2009-02-17 12:59 26,624 --a------ C:\ywruf.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-12-21 14:40 --------- d-----w c:\program files\VideoLAN
2008-12-21 01:56 --------- d-----w c:\program files\Apple Software Update
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2007-12-05 01:28 80 --sha-r c:\windows\system32\4DF86F78CF.dll
2008-07-23 00:36 56 --sha-r c:\windows\system32\4DF86F78CF.sys
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 39408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-10-04 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd23984-fe3f-11d9-b90f-444553544200}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - F:\system.exe
\Shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e323e8f-c924-11dd-aca9-444553544200}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - system.exe
\Shell\Open\command - system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d174e56-feea-11dd-ad1e-444553544200}]
\Shell\AutoRun\command - F:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b942e5d4-1871-11dc-a999-444553544200}]
\Shell\AutoRun\command - F:\ClearPlayEasyUpdates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 19:49]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:42]

2009-02-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-InetCntrl - c:\windows\system32\InetCntrl\InetCntrl.exe
Notify-byxnghhg - (no file)
Notify-crypt - (no file)
Notify-fygrzqkn - (no file)


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
Trusted Zone: turbotax.com
DPF: {0C528348-18DC-4ECE-819B-624E226028DA} - hxxp://wsso.mmm.com/Frontier_program_launcher.CAB
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://legalwebdev.mmm.com/WorkSite/includes/iManFile.cab
DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} - hxxp://intra4.mmm.com/sdc/cabs/SDC.CAB
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62}
FF - ProfilePath - c:\documents and settings\William Miller\Application Data\Mozilla\Firefox\Profiles\jq1hyu27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD|about:blank
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 14:52:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,e6,9a,fb,83,3a,b0,4a,94,41,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9d,e6,9a,fb,83,3a,b0,4a,94,41,fe,\

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]
"eacindhcii"=hex:66,61,61,6a,6d,64,6f,6f,67,63,6f,64,00,31
"dadiccdp"=hex:64,62,6f,68,6a,6d,6d,6b,61,6e,66,64,64,61,70,68,64,70,69,62,69,
63,62,65,6a,62,6c,63,6e,70,6a,67,6c,63,6c,62,65,6e,61,6e,00,00
"iakhllngmbjjanopkk"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00
"haigfmoehchnboek"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Æ·*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"verticalChoices"="weatherV"
"firstLaunch"="false"
DUMPHIVE0.003 (REGF)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lotus\Notes\nslsvice.exe
c:\program files\Lotus\Notes\nsl.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\taskmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-21 15:03:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-21 21:03:10

Pre-Run: 133,993,852,928 bytes free
Post-Run: 134,692,089,856 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
406 --- E O F --- 2009-02-11 09:13:38


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:51 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Srccode\SDCService\SDCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C528348-18DC-4ECE-819B-624E226028DA} (Frontier.Frontier_Launcher) - http://wsso.mmm.com/...am_launcher.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} (WebTransferCtrl Class) - http://legalwebdev.m...es/iManFile.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} (RequestX.SDC) - http://intra4.mmm.com/sdc/cabs/SDC.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161823591093
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://3msource.3m....acbvf6EstuImzy
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://us-mail-16.mmm.com/dwa7W.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://3msource.3m....uniperSetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Download Center (SoftwareDownloadCenter) - 3M - C:\Srccode\SDCService\SDCService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 15014 bytes

Edited by mywoes, 21 February 2009 - 03:09 PM.


#4 handhfan (Trusted Helper, Expert, 13,659 posts)
In Task Manager, click on the File tab, and click New Task (Run...). Type the following and press ENTER:

explorer.exe

Do you have your desktop back? The ComboFix log may be saved in C:\ComboFix.txt or C:\Qoobox\ComboFix.txt.

#5 mywoes (Topic Starter, Member, 47 posts)
I did get my desktop back and got the logs. See my amendment to my previous reply. I have to do this to get my desktop each time I reboot. Also, my internet still does not work. Things are looking better. I also removed the programs that were trying to install when I would start up.

#6 handhfan (Trusted Helper, Expert, 13,659 posts)
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\dykhyp.exe
C:\pfkik.exe
C:\cisq.exe
C:\ywruf.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
F:\system.exe

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005]

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd23984-fe3f-11d9-b90f-444553544200}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e323e8f-c924-11dd-aca9-444553544200}]
[-HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[-HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Image: animation of dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

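The script in the post above is a ComboFix CFScript: each `Name::` header opens a section, `File::` lists files to delete, `RegLock::` lists keys whose permissions ComboFix resets so they can be changed, and `Registry::` takes .reg-style entries where `[-KEY]` deletes a key and `"name"=-` deletes a value. Before dragging such a script onto ComboFix it is worth listing exactly what it will touch. The Python below is an added example, written for this thread; it is not ComboFix code and not from any of the posts. The section meanings it relies on are stated as assumptions in its comments (in particular, it reads a trailing `*` on a RegLock key as "and subkeys"), and the sample script it parses is the one posted above, copied verbatim.

```python
"""Parse a ComboFix CFScript into a reviewable plan (added example; not
ComboFix code and not from the original posts).  Section meanings are
assumptions taken from common ComboFix usage, not guarantees:
  KillAll::  stop non-essential processes first
  File::     one path per line, each deleted
  RegLock::  one key per line, permissions reset; trailing * read as "and subkeys"
  Registry:: .reg-style: [KEY] ensures, [-KEY] deletes, "n"=- deletes value
"""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(.+?)(\*?)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


@dataclass
class Plan:
    kill_all: bool = False
    files: list = field(default_factory=list)
    unlock_keys: list = field(default_factory=list)    # (key, recursive)
    delete_keys: list = field(default_factory=list)
    ensure_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, name)
    set_values: list = field(default_factory=list)     # (key, name, data)
    unknown: list = field(default_factory=list)        # (section, line)


def parse_cfscript(text):
    """Walk the script line by line, tracking the current section and key."""
    plan, section, key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                  # new section header
            section, key = m.group(1).lower(), None
            plan.kill_all = plan.kill_all or section == "killall"
            continue
        if section == "file":
            plan.files.append(line)
            continue
        if section in ("reglock", "registry") and (m := KEY_RE.match(line)):
            minus, key, star = m.groups()
            if section == "reglock":
                plan.unlock_keys.append((key, star == "*"))
            else:
                (plan.delete_keys if minus else plan.ensure_keys).append(key)
            continue
        if section == "registry" and key and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if data == "-":
                plan.delete_values.append((key, name))
            else:
                plan.set_values.append((key, name, data))
            continue
        plan.unknown.append((section, line))   # anything else needs a human
    return plan


def report(plan):
    """One action per line, for review before the script is run."""
    out = ["kill non-essential processes first"] if plan.kill_all else []
    out += [f"delete file:  {p}" for p in plan.files]
    out += [f"unlock key{' + subkeys' if r else ''}:  {k}" for k, r in plan.unlock_keys]
    out += [f"delete key:   {k}" for k in plan.delete_keys]
    out += [f"ensure key:   {k}" for k in plan.ensure_keys]
    out += [f"delete value: {k} -> {n}" for k, n in plan.delete_values]
    out += [f"set value:    {k} -> {n} = {d}" for k, n, d in plan.set_values]
    out += [f"UNPARSED ({s}): {l}" for s, l in plan.unknown]
    return out


# Constructed sample: the CFScript posted in this thread, copied verbatim.
SAMPLE_CFSCRIPT = r"""
KillAll::

File::
C:\dykhyp.exe
C:\pfkik.exe
C:\cisq.exe
C:\ywruf.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
F:\system.exe

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005]

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd23984-fe3f-11d9-b90f-444553544200}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e323e8f-c924-11dd-aca9-444553544200}]
[-HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[-HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005]
"""

if __name__ == "__main__":
    print("\n".join(report(parse_cfscript(SAMPLE_CFSCRIPT))))
```

Run it on a saved CFScript.txt by passing the file's contents to parse_cfscript; anything the parser cannot classify lands in the UNPARSED lines so a typo in a section header or a mangled key is caught before ComboFix acts on it.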

#7 mywoes (Topic Starter, Member, 47 posts)
Before I do this, I wanted to let you know that in order to get ComboFix to run I had to rename it Combo-Fix. I also removed the programs that were trying to run. Because of this, do I need to do anything differently?

#8 handhfan (Trusted Helper, Expert, 13,659 posts)
That's fine. Just make sure you place CFScript.txt on top of Combo-Fix.exe rather than ComboFix.exe. :)

#9 mywoes (Topic Starter, Member, 47 posts)
OK. Here are the logs:

ComboFix 09-02-19.01 - William Miller 02/21/2009 16:27:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2477 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\William Miller\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\cisq.exe
C:\dykhyp.exe
C:\pfkik.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
C:\ywruf.exe
F:\system.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cisq.exe
C:\dykhyp.exe
C:\pfkik.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
C:\ywruf.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-12-21 14:40 --------- d-----w c:\program files\VideoLAN
2008-12-21 01:56 --------- d-----w c:\program files\Apple Software Update
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-21_15.01.22.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 01:23:22 1,487,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 21:20:02 1,413,248 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 22:35:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 19:49]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:42]

2009-02-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
DPF: {0C528348-18DC-4ECE-819B-624E226028DA} - hxxp://wsso.mmm.com/Frontier_program_launcher.CAB
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://legalwebdev.mmm.com/WorkSite/includes/iManFile.cab
DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} - hxxp://intra4.mmm.com/sdc/cabs/SDC.CAB
FF - ProfilePath - c:\documents and settings\William Miller\Application Data\Mozilla\Firefox\Profiles\jq1hyu27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD|about:blank
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 16:38:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
@DACL=(02 0000)
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer"
"View"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,89,00,00,00,98,00,00,00,75,05,00,00,73,03,00,00,4f,01,00,\
"FindFlags"=dword:0000000e

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray]
@DACL=(02 0000)
@SACL=
"Services"=dword:0000001e
"HotPlugFlags"=dword:00000000

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
@DACL=(02 0000)
"RunCount"=dword:00000000

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers]
@DACL=(02 0000)
"h:\\\\?\\IDE#CdRomSONY_DVD-ROM_DDU1615____________________FDS1____#5&264a8ea8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+PlayDVDMovieOnArrival"="MSOpenFolder\00\00????"
"h:\\\\?\\IDE#CdRomSONY_CD-RW__CRX217E_____________________1DS1____#5&264a8ea8&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+ShowPicturesOnArrival"="EHomePhotosHandler\00\00????"
"h:\\\\?\\STORAGE#RemovableMedia#7&16b7a6ba&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+ShowPicturesOnArrival"="Picasa2ImportPicturesOnArrival\00\00????"
"h:\\\\?\\IDE#CdRomSONY_DVD-ROM_DDU1615____________________FDS1____#5&264a8ea8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+PlayMusicFilesOnArrival"="MSTakeNoAction\00\00????"
"h:\\\\?\\USB#Vid_041e&Pid_4152#C9ECC61A0002FA9D#{14480d3f-7a47-4a75-aaef-b14f56397153}+MTPMediaPlayerArrival"="MSTakeNoAction\00\00????"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserDefaults]
@DACL=(02 0000)
"h:\\\\?\\IDE#CdRomSONY_DVD-ROM_DDU1615____________________FDS1____#5&264a8ea8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+PlayDVDMovieOnArrival"="EHomeVideoDropTarget"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{4b7a0957-fd70-11d9-b907-806d6172696f}]
@DACL=(02 0000)
"Drive Type"=dword:00000003

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{7e398540-6c85-11da-a706-806d6172696f}]
@DACL=(02 0000)
"Drive Type"=dword:00000002
"CurrentCDWriteSpeed"=dword:ffffffff
"MaxCDWriteSpeed"=dword:00000030

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
@DACL=(02 0000)
@SACL=
@="Explorer"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
@DACL=(02 0000)
@SACL=
"Last used time"=hex:70,13,d4,22,3b,0a,c6,01
"Days between clean up"=dword:0000003c
"NoRun"=dword:00000001

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asmx]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aspx]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="IEXPLORE.EXE"
"MRUList"="bca"
"b"="wmplayer.exe"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="wmplayer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="MPEG_Streamclip.exe"
"MRUList"="fgbedca"
"b"="moviemk.exe"
"c"="wmplayer.exe"
"d"="WaxInvoker.exe"
"e"="firefox.exe"
"f"="vlc.exe"
"g"="dvdflick.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="sspipes.scr"
"MRUList"="fbdcae"
"b"="IEXPLORE.EXE"
"c"="ois.exe"
"d"="mspaint.exe"
"e"="PicasaPhotoViewer.exe"
"f"="moviemk.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="nvu.exe"
"MRUList"="ba"
"b"="iexplore.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="WINWORD.EXE"
"MRUList"="abgefcd"
"b"="iexplore.exe"
"c"="NLNOTES.EXE"
"d"="wpwin12.exe"
"e"="soffice.BIN"
"f"="PMW.exe"
"g"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="shimgvw.dll"
"MRUList"="hcidgfeba"
"b"="mspaint.exe"
"c"="ois.exe"
"d"="iexplore.exe"
"e"="nvu.exe"
"f"="imsdwarfv2.exe"
"g"="PhotoshopElementsEditor.exe"
"h"="PaintDotNet.exe"
"i"="firefox.exe"
"j"="PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="ba"
"b"="FIREFOX.EXE"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="faedbc"
"b"="nvu.exe"
"c"="POWERPNT.EXE"
"d"="PhotoshopElementsEditor.exe"
"e"="FIREFOX.EXE"
"f"="PaintDotNet.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList]
@Class="Shell"
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithList]
@DACL=(02 0000)
"a"="PicasaPhotoViewer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList]
@DACL=(02 0000)
"a"="PicasaPhotoViewer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg]
@DACL=(02 0000)
@SACL=
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="PaintDotNet.exe"
"MRUList"="bijcfadhg"
"b"="mspaint.exe"
"c"="FIREFOX.EXE"
"d"="moviemk.exe"
"e"="buzzEdit.exe"
"f"="OIS.EXE"
"g"="WaxInvoker.exe"
"h"="IEXPLORE.EXE"
"i"="PicasaPhotoViewer.exe"
"j"="chrome.exe"
"k"="PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="mmjblaunch.exe"
"MRUList"="cba"
"b"="IEXPLORE.EXE"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="ba"
"b"="audacity.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3]
@DACL=(02 0000)
@SACL=
"Progid"="mp3file"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="audacity.exe"
"MRUList"="cjabfihge"
"b"="IEXPLORE.EXE"
"c"="wmplayer.exe"
"d"="Video Edit Magic.exe"
"e"="DVDMF.exe"
"f"="moviemk.exe"
"g"="wmeditor.exe"
"h"="wavepad.exe"
"i"="Digital Media Converter.exe"
"j"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="wmplayer.exe"
"MRUList"="ba"
"b"="moviemk.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="bcead"
"b"="ois.exe"
"c"="PaintDotNet.exe"
"d"="PicasaPhotoViewer.exe"
"e"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="Acrobat.exe"
"MRUList"="befcda"
"b"="POWERPNT.EXE"
"c"="IEXPLORE.EXE"
"d"="NLNOTES.EXE"
"e"="firefox.exe"
"f"="moviemk.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RA.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="RealPlay.exe"
"MRUList"="cba"
"b"="IEXPLORE.EXE"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RAM.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RM.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RAM.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\OpenWithProgids]
@DACL=(02 0000)
"RealJukebox.RMP.1"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RMS.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\OpenWithProgids]
@DACL=(02 0000)
"RealJukebox.RMX.1"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RSML.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="WINWORD.EXE"
"MRUList"="acb"
"b"="iexplore.exe"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RV.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.SMIL.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.SMIL.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\OpenWithProgids]
@DACL=(02 0000)
"SSM"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="MSPVIEW.EXE"
"MRUList"="bac"
"b"="OIS.EXE"
"c"="PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="MSPVIEW.EXE"
"MRUList"="dcbae"

#10 mywoes (Member, Topic Starter, 47 posts)
One additional note: I have not rebooted since I did the logs. But I tried the task manager and it is not working. I worry whether I should reboot, given my previous need for the task manager.

#11 handhfan (Trusted Helper, Expert, 13,659 posts)
Looks like the log got cut off, if you could post the rest.

Also, please don't reboot your computer.

#12 mywoes (Member, Topic Starter, 47 posts)
ComboFix 09-02-19.01 - William Miller 02/21/2009 16:27:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2477 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\William Miller\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\cisq.exe
C:\dykhyp.exe
C:\pfkik.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
C:\ywruf.exe
F:\system.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cisq.exe
C:\dykhyp.exe
C:\pfkik.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
C:\ywruf.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-12-21 14:40 --------- d-----w c:\program files\VideoLAN
2008-12-21 01:56 --------- d-----w c:\program files\Apple Software Update
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-21_15.01.22.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 01:23:22 1,487,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 21:20:02 1,413,248 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 22:35:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 19:49]

2009-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:42]

2009-02-21 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
DPF: {0C528348-18DC-4ECE-819B-624E226028DA} - hxxp://wsso.mmm.com/Frontier_program_launcher.CAB
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://legalwebdev.mmm.com/WorkSite/includes/iManFile.cab
DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} - hxxp://intra4.mmm.com/sdc/cabs/SDC.CAB
FF - ProfilePath - c:\documents and settings\William Miller\Application Data\Mozilla\Firefox\Profiles\jq1hyu27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD|about:blank
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 16:38:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
@DACL=(02 0000)
"LastKey"="My Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer"
"View"=hex:2c,00,00,00,02,00,00,00,03,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,89,00,00,00,98,00,00,00,75,05,00,00,73,03,00,00,4f,01,00,\
"FindFlags"=dword:0000000e

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray]
@DACL=(02 0000)
@SACL=
"Services"=dword:0000001e
"HotPlugFlags"=dword:00000000

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
@DACL=(02 0000)
"RunCount"=dword:00000000

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers]
@DACL=(02 0000)
"h:\\\\?\\IDE#CdRomSONY_DVD-ROM_DDU1615____________________FDS1____#5&264a8ea8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+PlayDVDMovieOnArrival"="MSOpenFolder\00\00????"
"h:\\\\?\\IDE#CdRomSONY_CD-RW__CRX217E_____________________1DS1____#5&264a8ea8&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+ShowPicturesOnArrival"="EHomePhotosHandler\00\00????"
"h:\\\\?\\STORAGE#RemovableMedia#7&16b7a6ba&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+ShowPicturesOnArrival"="Picasa2ImportPicturesOnArrival\00\00????"
"h:\\\\?\\IDE#CdRomSONY_DVD-ROM_DDU1615____________________FDS1____#5&264a8ea8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+PlayMusicFilesOnArrival"="MSTakeNoAction\00\00????"
"h:\\\\?\\USB#Vid_041e&Pid_4152#C9ECC61A0002FA9D#{14480d3f-7a47-4a75-aaef-b14f56397153}+MTPMediaPlayerArrival"="MSTakeNoAction\00\00????"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserDefaults]
@DACL=(02 0000)
"h:\\\\?\\IDE#CdRomSONY_DVD-ROM_DDU1615____________________FDS1____#5&264a8ea8&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+PlayDVDMovieOnArrival"="EHomeVideoDropTarget"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{4b7a0957-fd70-11d9-b907-806d6172696f}]
@DACL=(02 0000)
"Drive Type"=dword:00000003

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{7e398540-6c85-11da-a706-806d6172696f}]
@DACL=(02 0000)
"Drive Type"=dword:00000002
"CurrentCDWriteSpeed"=dword:ffffffff
"MaxCDWriteSpeed"=dword:00000030

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
@DACL=(02 0000)
@SACL=
@="Explorer"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
@DACL=(02 0000)
@SACL=
"Last used time"=hex:70,13,d4,22,3b,0a,c6,01
"Days between clean up"=dword:0000003c
"NoRun"=dword:00000001

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asmx]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aspx]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="IEXPLORE.EXE"
"MRUList"="bca"
"b"="wmplayer.exe"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="wmplayer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="MPEG_Streamclip.exe"
"MRUList"="fgbedca"
"b"="moviemk.exe"
"c"="wmplayer.exe"
"d"="WaxInvoker.exe"
"e"="firefox.exe"
"f"="vlc.exe"
"g"="dvdflick.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="sspipes.scr"
"MRUList"="fbdcae"
"b"="IEXPLORE.EXE"
"c"="ois.exe"
"d"="mspaint.exe"
"e"="PicasaPhotoViewer.exe"
"f"="moviemk.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="nvu.exe"
"MRUList"="ba"
"b"="iexplore.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="WINWORD.EXE"
"MRUList"="abgefcd"
"b"="iexplore.exe"
"c"="NLNOTES.EXE"
"d"="wpwin12.exe"
"e"="soffice.BIN"
"f"="PMW.exe"
"g"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="shimgvw.dll"
"MRUList"="hcidgfeba"
"b"="mspaint.exe"
"c"="ois.exe"
"d"="iexplore.exe"
"e"="nvu.exe"
"f"="imsdwarfv2.exe"
"g"="PhotoshopElementsEditor.exe"
"h"="PaintDotNet.exe"
"i"="firefox.exe"
"j"="PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="ba"
"b"="FIREFOX.EXE"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="faedbc"
"b"="nvu.exe"
"c"="POWERPNT.EXE"
"d"="PhotoshopElementsEditor.exe"
"e"="FIREFOX.EXE"
"f"="PaintDotNet.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList]
@Class="Shell"
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithList]
@DACL=(02 0000)
"a"="PicasaPhotoViewer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList]
@DACL=(02 0000)
"a"="PicasaPhotoViewer.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg]
@DACL=(02 0000)
@SACL=
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="PaintDotNet.exe"
"MRUList"="bijcfadhg"
"b"="mspaint.exe"
"c"="FIREFOX.EXE"
"d"="moviemk.exe"
"e"="buzzEdit.exe"
"f"="OIS.EXE"
"g"="WaxInvoker.exe"
"h"="IEXPLORE.EXE"
"i"="PicasaPhotoViewer.exe"
"j"="chrome.exe"
"k"="PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="mmjblaunch.exe"
"MRUList"="cba"
"b"="IEXPLORE.EXE"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="ba"
"b"="audacity.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3]
@DACL=(02 0000)
@SACL=
"Progid"="mp3file"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="audacity.exe"
"MRUList"="cjabfihge"
"b"="IEXPLORE.EXE"
"c"="wmplayer.exe"
"d"="Video Edit Magic.exe"
"e"="DVDMF.exe"
"f"="moviemk.exe"
"g"="wmeditor.exe"
"h"="wavepad.exe"
"i"="Digital Media Converter.exe"
"j"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="wmplayer.exe"
"MRUList"="ba"
"b"="moviemk.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="iexplore.exe"
"MRUList"="bcead"
"b"="ois.exe"
"c"="PaintDotNet.exe"
"d"="PicasaPhotoViewer.exe"
"e"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="Acrobat.exe"
"MRUList"="befcda"
"b"="POWERPNT.EXE"
"c"="IEXPLORE.EXE"
"d"="NLNOTES.EXE"
"e"="firefox.exe"
"f"="moviemk.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RA.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="RealPlay.exe"
"MRUList"="cba"
"b"="IEXPLORE.EXE"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RAM.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RM.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RAM.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\OpenWithProgids]
@DACL=(02 0000)
"RealJukebox.RMP.1"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RMS.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\OpenWithProgids]
@DACL=(02 0000)
"RealJukebox.RMX.1"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RSML.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="WINWORD.EXE"
"MRUList"="acb"
"b"="iexplore.exe"
"c"="firefox.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.RV.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.SMIL.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\OpenWithProgids]
@DACL=(02 0000)
"RealPlayer.SMIL.6"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd]
@DACL=(02 0000)
@SACL=

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm]
@DACL=(02 0000)
"Application"=""

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\OpenWithProgids]
@DACL=(02 0000)
"SSM"=hex(0):

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\UserChoice]
@DACL=(02 0000)
"Progid"="Applications\\Realplay.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="MSPVIEW.EXE"
"MRUList"="bac"
"b"="OIS.EXE"
"c"="PicasaPhotoViewer.exe"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff]
@DACL=(02 0000)
@SACL=
"ProgID"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithList]
@Class="Shell"
@DACL=(02 0000)
"a"="MSPVIEW.EXE"
"MRUList"="dcbae"
"b"="Paint

#13
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
You might want to find where it left off and post the rest, as it looks like it's too long to post in only 1 reply.

#14
mywoes

    Member

  • Topic Starter
  • Member
  • 47 posts
One more try, in three parts:

Part 1

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2477 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\William Miller\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\cisq.exe
C:\dykhyp.exe
C:\pfkik.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
C:\ywruf.exe
F:\system.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cisq.exe
C:\dykhyp.exe
C:\pfkik.exe
c:\windows\system32\4DF86F78CF.dll
c:\windows\system32\4DF86F78CF.sys
C:\ywruf.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-12-21 14:40 --------- d-----w c:\program files\VideoLAN
2008-12-21 01:56 --------- d-----w c:\program files\Apple Software Update
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-21_15.01.22.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 01:23:22 1,487,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 21:20:02 1,413,248 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 22:35:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]
  • 0

#15
mywoes

    Member

  • Topic Starter
  • Member
  • 47 posts
One more try with the files being uploaded.

Attached Files


  • 0
