Trojan.Vundo [RESOLVED]


This topic is locked

#1
ParishIsDead
    Member
  • 18 posts

Hello,

I definitely have the Trojan.Vundo Virus.

I have both the VundoFix and FixVundo application and they both do not get the job done correctly.

Fix Vundo always says this:
runtime error an application has made an attempt to run the C runtime library incorrectly

and Vundo Fix always gives me two legitimate .dll's to get rid of.

I am suffering Pop-Ups as we speak. The virus is even affecting my keyboard!!!

Here is a recent HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:12 PM, on 4/22/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Program Files\NovaStor\NovaBACKUP\NBKCTRL.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://amc.workbrai...n...e&locale=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Parish Enterprises
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.341.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.341.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMASwitch] "C:\Program Files\CyberLink\PowerDirector\CLDMA.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccyvWMd.dll,#1
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RONOLI~1\AppData\Local\Temp\yaywvtTm.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\RONOLI~1\AppData\Local\Temp\efcARlkK.dll,#1
O4 - HKCU\..\Run: [1a3e3093] rundll32.exe "C:\Users\RONOLI~1\AppData\Local\Temp\hsyvdsvo.dll",b
O4 - HKCU\..\Run: [BM190d030f] Rundll32.exe "C:\Users\RONOLI~1\AppData\Local\Temp\efiigfbt.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YouTube Uploader.lnk = Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol..../ServiceMgr.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://parishent.spa...nPUplden-us.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://activation.re...lk_he/setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.obero...aploader_v6.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - C:\Windows\system32\iklqcx.dll (file missing)
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

--
End of file - 18790 bytes
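
One way a helper could triage a log like the one above before deciding what to remove, as an added example that is not part of this thread and not HijackThis's own logic: a small Python script that flags the patterns the Vundo entries leave in the log (rundll32 loading a DLL from a Temp folder or by ordinal/single-letter entry point, random-looking Run value names, orphaned BHO/SharedTaskScheduler hooks, and unowned services in System32). The heuristics, function names and the sample lines are this example's own constructions, modelled on the entries in the log posted above.

```python
import re

# Constructed sample input for this example: HijackThis entries modelled on the
# log posted above (same paths and names), mixed with benign entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccyvWMd.dll,#1
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\RONOLI~1\AppData\Local\Temp\yaywvtTm.dll,c
O4 - HKCU\..\Run: [1a3e3093] rundll32.exe "C:\Users\RONOLI~1\AppData\Local\Temp\hsyvdsvo.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - C:\Windows\system32\iklqcx.dll (file missing)
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
"""

# Line shapes of the HijackThis sections this example inspects. The heuristics
# below are assumptions of this example, not rules from HijackThis or ComboFix.
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
# rundll32.exe <dll>,<entry point>, with or without quotes around the DLL path
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)
# A file directly under System32 (nested paths such as spool\DRIVERS\... are not matched)
SYSTEM32_FILE_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
# Run value names such as [1a3e3093] or [BM190d030f], as seen in the log above
RANDOM_VALUE_RE = re.compile(r"^(?:BM)?[0-9a-f]{8,}$", re.I)
# Sections where a hook pointing at a non-existent file is worth listing
ORPHAN_SECTIONS = {"O2", "O3", "O22"}


def check_run_entry(value, cmd):
    """Return the reasons an O4 Run entry looks like Vundo-style rundll32 persistence."""
    reasons = []
    m = RUNDLL_RE.match(cmd)
    if m:
        dll, export = m.group("dll"), m.group("export")
        if TEMP_DIR_RE.search(dll):
            reasons.append("rundll32 loads a DLL from a Temp folder")
        # Legitimate rundll32 entries name a real export; ordinals and single
        # letters are what the entries in the log above use.
        if re.fullmatch(r"#\d+|[A-Za-z]", export):
            reasons.append(f"DLL entry point is an ordinal or single letter ({export})")
    if RANDOM_VALUE_RE.match(value):
        reasons.append(f"random-looking Run value name [{value}]")
    return reasons


def check_service(owner, path):
    """Return a reason when an O23 service has no recorded owner and lives in System32."""
    if owner.strip().lower() == "unknown owner" and SYSTEM32_FILE_RE.match(path):
        return ["service with no recorded owner running directly from System32"]
    return []


def triage(log_text):
    """Scan HijackThis log text; return (section, line, reasons) for each flagged line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        reasons = []
        if section in ORPHAN_SECTIONS and line.endswith(("(file missing)", "(no file)")):
            reasons.append("browser/shell hook points at a file that no longer exists")
        m = O4_RUN_RE.match(line)
        if m:
            reasons += check_run_entry(m.group("value"), m.group("cmd"))
        m = O23_RE.match(line)
        if m:
            reasons += check_service(m.group("owner"), m.group("path"))
        if reasons:
            findings.append((section, line, reasons))
    return findings


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {line}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that the script leaves alone (CrazyTalk.dll, oobefldr.dll, the Toshiba pinger service) still deserve a look by hand; the point is to surface the typical Vundo shapes first, not to decide removal automatically.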

#2
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts

Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
ParishIsDead
    Member
  • Topic Starter
  • 18 posts

Thank you for responding so fast!!!

Here is the Combo Fix log:

ComboFix 08-04-22.5 - Ron Oliver 2008-04-24 16:16:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.888 [GMT -4:00]
Running from: C:\Users\Ron Oliver\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\FunWebProducts
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\3.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\3.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\3.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\3.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\3.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\3.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\3.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
C:\Program Files\video activex access
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\Video Add-on
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url
C:\ProgramData\SeekmoSA
C:\ProgramData\SeekmoSA\SeekmoSA.dat
C:\ProgramData\SeekmoSA\SeekmoSA_kyf.dat
C:\ProgramData\SeekmoSA\SeekmoSAAbout.mht
C:\ProgramData\SeekmoSA\SeekmoSAEULA.mht
C:\Users\Ron Oliver\AppData\Roaming\Adssite Advanced Toolbar
C:\Users\Ron Oliver\AppData\Roaming\Adssite Advanced Toolbar\selected.xml
C:\Windows\dat.txt
C:\Windows\system32\andt.sys
C:\Windows\system32\drmgs.sys
C:\Windows\system32\f3PSSavr.scr
C:\Windows\system32\Indt2.sys
C:\Windows\system32\routing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_perfmons
-------\Service_Routing


((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-22 22:02 . 2008-04-22 22:03 <DIR> d-------- C:\Users\Ron Oliver\font
2008-04-22 22:00 . 2008-04-22 22:00 <DIR> d-------- C:\Users\Ron Oliver\fonts
2008-04-22 17:10 . 2008-04-22 17:35 <DIR> d-------- C:\VundoFix Backups
2008-04-22 16:51 . 2008-04-22 16:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 00:11 . 2008-04-22 16:06 0 --ah----- C:\ntuser.dat.LOG2
2008-04-21 00:11 . 2008-04-22 16:06 0 --ah----- C:\ntuser.dat.LOG1
2008-04-21 00:11 . 2008-04-21 00:11 0 --a------ C:\ntuser.dat
2008-04-20 22:02 . 2008-04-20 22:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-20 21:52 . 2008-04-20 21:52 <DIR> d-------- C:\logs
2008-04-16 21:11 . 2008-04-16 21:11 209 --a------ C:\Windows\ODBCINST.INI
2008-04-16 17:15 . 2008-04-16 17:15 177 --a------ C:\Windows\CTReg.ini
2008-04-16 17:13 . 2008-04-16 17:13 <DIR> d-------- C:\Program Files\Reallusion
2008-04-16 17:13 . 2008-04-16 17:13 995,328 --a------ C:\Windows\System32\CrazyTalk.dll
2008-04-16 17:13 . 2008-04-16 17:13 386,560 --a------ C:\Windows\System32\pngu3266.dll
2008-04-16 15:19 . 2008-04-18 23:36 <DIR> d-------- C:\Windows\Lhsp
2008-04-16 15:12 . 2008-04-16 15:12 <DIR> d-------- C:\Users\Ron Oliver\AppData\Roaming\MusicNet
2008-04-15 17:17 . 2008-04-15 17:17 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-15 17:17 . 2008-04-15 17:17 1,409 --a------ C:\Windows\QTFont.for
2008-04-14 19:29 . 2008-04-15 21:06 <DIR> d-------- C:\Users\Ron Oliver\WhiteCap
2008-04-14 19:24 . 2008-04-14 19:25 <DIR> d-------- C:\Program Files\QuickTime
2008-04-14 15:59 . 2007-03-28 09:16 344,064 --a------ C:\Windows\System32\lxddcoin.dll
2008-04-14 15:48 . 2006-12-06 00:19 44 --a------ C:\Windows\System32\lxddrwrd.ini
2008-04-14 15:47 . 2008-04-14 15:54 <DIR> d-------- C:\Program Files\Lexmark 2500 Series
2008-04-14 15:46 . 2007-04-16 06:05 983,107 --a------ C:\Windows\System32\lxddgf.dll
2008-04-14 15:46 . 2007-03-02 09:59 684,032 --a------ C:\Windows\System32\lxddcomc.dll
2008-04-14 15:46 . 2007-04-26 01:21 537,520 --a------ C:\Windows\System32\lxddcoms.exe
2008-04-14 15:46 . 2007-03-02 10:05 425,984 --a------ C:\Windows\System32\lxddcomm.dll
2008-04-14 15:46 . 2007-04-26 01:21 394,160 --a------ C:\Windows\System32\lxddcfg.exe
2008-04-14 15:46 . 2007-04-25 22:17 208,896 --a------ C:\Windows\System32\lxddgrd.dll
2008-04-14 15:46 . 2007-04-25 22:23 86,016 --a------ C:\Windows\System32\lxddcub.dll
2008-04-14 15:46 . 2007-03-15 22:36 77,906 --a------ C:\Windows\System32\lxddcfg.dll
2008-04-14 15:46 . 2007-04-25 22:20 77,824 --a------ C:\Windows\System32\lxddcu.dll
2008-04-14 15:46 . 2007-04-25 22:26 36,864 --a------ C:\Windows\System32\lxddcur.dll
2008-04-14 15:46 . 2007-04-26 00:59 1,932 --a------ C:\Windows\System32\lxdd.loc
2008-04-09 21:19 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 21:19 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 21:19 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 21:19 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 21:19 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 21:19 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 21:19 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 21:19 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 21:19 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 21:18 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 21:17 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 21:17 . 2008-03-07 22:14 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-04-09 21:17 . 2007-12-16 07:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 21:17 . 2007-12-16 07:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-04-07 10:45 . 2008-04-22 22:26 <DIR> d-------- C:\Users\Ron Oliver\AppData\Roaming\uTorrent
2008-04-03 00:30 . 2008-04-03 00:30 139 --a------ C:\Windows\System32\1.tsk
2008-04-02 16:01 . 2004-12-23 05:27 27,392 --------- C:\Windows\System32\drivers\ULCDRHlp.sys
2008-04-02 15:31 . 2008-04-02 15:31 <DIR> d-------- C:\Program Files\NovaStor
2008-04-02 15:17 . 2001-05-09 23:28 249,856 --------- C:\Windows\System32\Ftsrch.dll
2008-04-02 15:17 . 2003-09-11 10:49 114,688 --------- C:\Windows\UPSCR.Scr
2008-04-02 15:17 . 2003-09-11 10:49 114,688 --------- C:\Windows\System32\UPSCR.Scr
2008-04-02 15:17 . 1996-09-11 14:33 48,640 --------- C:\Windows\System32\INETWH32.DLL
2008-04-02 15:17 . 2003-09-19 20:42 40,960 --a------ C:\Windows\System32\Ulead Photo Express ScreenSaver.scr
2008-04-02 15:15 . 2004-03-15 12:34 24,576 --------- C:\Windows\System32\UleadPhotoExplorer85_Res.dll
2008-04-02 15:15 . 2004-03-15 12:33 24,576 --------- C:\Windows\System32\Ulead Photo Explorer 85.scr
2008-04-02 15:13 . 2008-04-02 15:27 216 --a------ C:\Windows\Ulead32.ini
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 23:03 --------- d-----w C:\ProgramData\Google Updater
2008-04-22 21:35 --------- d-----w C:\Program Files\PowerISO
2008-04-21 02:02 --------- d-----w C:\ProgramData\Symantec
2008-04-19 03:54 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\CyberLink
2008-04-19 03:54 --------- d-----w C:\ProgramData\CyberLink
2008-04-19 03:44 --------- d-----w C:\Program Files\Google
2008-04-19 03:38 --------- d-----w C:\Program Files\LimeWire
2008-04-17 20:13 --------- d-----w C:\Program Files\Opera
2008-04-17 19:58 --------- d-----w C:\Program Files\DVDVIDEOSOFT
2008-04-17 19:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-17 19:54 --------- d-----w C:\Program Files\DivX
2008-04-17 19:51 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-17 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 23:38 --------- d-----w C:\Program Files\Picasa2
2008-04-15 22:00 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\LimeWire
2008-04-15 20:55 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2008-04-14 20:09 --------- d-----w C:\Program Files\Lx_cats
2008-04-14 20:04 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\Lexmark Productivity Studio
2008-04-14 19:48 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-04-10 18:44 --------- d-----w C:\Program Files\Windows Mail
2008-04-10 09:47 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-07 14:51 --------- d-----w C:\Program Files\MagicISO
2008-04-07 14:46 --------- d-----w C:\Program Files\uTorrent
2008-04-07 14:20 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\BitTorrent
2008-04-07 14:16 --------- d-----w C:\Program Files\Napoleon's Campaigns
2008-04-07 14:04 --------- d-----w C:\ProgramData\Viewpoint
2008-04-07 13:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-02 19:28 --------- d-----w C:\Program Files\Ulead Systems
2008-04-02 19:24 --------- d-----w C:\ProgramData\Ulead Systems
2008-04-02 19:14 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-01 19:52 --------- d-----w C:\Program Files\BitLord2
2008-03-28 16:21 --------- d-----w C:\ProgramData\SmartSound Software Inc
2008-03-24 02:32 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\Apple Computer
2008-03-19 20:12 --------- d-----w C:\ProgramData\Autodesk
2008-03-11 00:35 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-11 00:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-10 17:22 --------- d-----w C:\Program Files\MarineCorps
2008-03-07 17:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 17:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 17:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 17:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 17:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 17:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 17:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 17:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-03-06 04:58 --------- d-----w C:\Program Files\Pocket Tanks Deluxe
2008-03-06 04:43 10,332 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-03-03 23:09 --------- d-----w C:\Program Files\Autodesk
2008-03-03 01:36 --------- d-----w C:\Program Files\Gunner 2
2008-03-02 04:00 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-01 21:57 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\WildTangent
2008-02-29 01:28 --------- d-----w C:\Users\Ron Oliver\AppData\Roaming\Autodesk
2008-02-28 23:45 --------- d-----w C:\ProgramData\Macrovision
2008-02-28 21:54 --------- d-----w C:\Program Files\CyberLink
2008-02-27 08:02 --------- d-----w C:\Program Files\Windows Live
2008-02-26 21:58 --------- d-----w C:\Program Files\DNA
2008-02-26 21:58 --------- d-----w C:\Program Files\BitTorrent
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 21:52 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 21:44 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 21:44 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 21:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 21:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 21:43 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 21:43 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 21:43 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 21:43 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 21:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 21:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 21:43 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 21:43 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-10 00:08 0 ----a-w C:\Users\Ron Oliver\AppData\Roaming\wklnhst.dat
2008-02-01 16:11 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2007-08-30 10:10 174 --sha-w C:\Program Files\desktop.ini
2007-05-17 01:46 262,144 ----a-w C:\ProgramData\ntuser.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3C4699-B285-475F-BE47-0B26088CE876}]
C:\Program Files\Video ActiveX Access\iesplg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="TOSCDSPD.EXE" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-12-25 23:05 20480]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Google Update"="C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-03-18 17:23 51184]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 19:40 413696]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 18:21 180224]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-15 19:53 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 14:14 4444160 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"HWSetup"="\HWSetup.exe" [ ]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 00:42 438272]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 13:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 19:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 14:46 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 21:56 538744]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 20:14 34352]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-21 14:31 1862144]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 22:05 116328]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 02:40 312240]
"LaunchList"="C:\Program Files\Pinnacle\Studio 10\LaunchList.exe" [ ]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 06:00 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"SetPoint"="C:\Program Files\Logitech\SetPoint\KEM.EXE" [2004-10-28 10:29 581632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 06:32 898344]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 03:05 217088]
"DMASwitch"="C:\Program Files\CyberLink\PowerDirector\CLDMA.exe" [2004-10-29 16:47 57344]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-19 20:23 69632]
"NovaBackup 7 Tray Control"="C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe" [2004-07-02 12:52 204943]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 02:38 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 03:40 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"MSServer"="C:\Windows\system32\fccyvWMd.dll" [ ]
"CrazyTalk Serve"="C:\Windows\system32\CrazyTalk.dll" [2008-04-16 17:13 995328]

C:\Users\Ron Oliver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
YouTube Uploader.lnk - C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-27 18:02:15 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-25 23:05:46 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-12-25 23:03:49 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Lexmark 2500 Series\\app4r.exe"= C:\Program Files\Lexmark 2500 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0E485DF-904E-465C-88FA-26CA2F9B46E9}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{49D2668C-67A4-4BC2-A80F-A80E4591854D}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A3CCB61F-0BE1-45A2-9125-8F3A14C757F5}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{943AAC42-FC88-42BD-834F-B9A07C17B244}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{237BF11E-25D2-4E46-A332-D409FD0B516F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8278B7D7-C326-493B-8D08-926EF7CB820C}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe:
"{F13FAFA6-301B-420B-8D16-118AC9BE7582}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddwbgw.exe:
"{63B92D5D-BF04-42F3-8A1F-5A17EF960287}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{A590006E-E8CA-4BA1-A7FF-D0BFB08CDAF8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F524B69B-94FF-4961-A4E4-E21E9221202A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B8703410-F094-4541-9358-9B96B0DF331E}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{91C4B550-4631-485D-8CCD-567A41D2849D}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{BFC7C6BC-61DA-460C-9639-58C924ABCFC7}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{8C5D1618-4382-4F1F-8A77-4FC1E4AA8FDD}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{0065343F-CC50-4FA2-A24F-9640ED5AA159}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{2575A67A-D142-4157-B0AA-DFD7CC570B69}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{C008F379-82D9-4C44-AF0E-FAE78CDA4850}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{A88E86D0-6D18-4025-8040-E8FB684816E1}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{0C5CC79D-D6AE-4EF3-8ED9-23B5A98D753F}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{5F16352F-9759-4F45-8650-2F55B77EDAE9}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{09C4D45B-7FE9-4B48-81D0-E54050B58C8E}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{3ECD3178-0D24-44C3-9BA3-4D7916C95F5E}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{8D14EDCA-A74C-4F72-9740-30F51F513075}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{DB56E425-A376-41AB-854D-E771F956DD8C}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{BED395A2-40CE-44B2-A9DF-26839D24BC80}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{D3AF71AD-2F2E-4215-9050-7A9789153B27}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{D66E2A3C-1D26-4CE6-AC5A-CEDAB3D4922B}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{62F3ADF8-76E6-430D-9390-AEEDCB47227E}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{3DDC5F59-3FD8-40C0-BA86-0722A8CC0ADA}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:
"{26637001-BA6C-4848-9020-096081987639}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{2CEC39FF-2484-4089-AA28-A60F15D245FB}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{406B63C2-CA40-4272-B27B-FCD873FCE51E}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{17A7F638-BEE0-4F01-8A91-B57F52BC7652}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{93B9DF02-CF7C-44A0-95DB-948A622EF372}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F1E6E613-6E46-4EBE-A8A1-25AD15278F7A}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 19:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 23:13]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080423.002\IDSvix86.sys [2008-02-13 12:18]
R2 AFinding;AFinding Service;C:\Windows\system32\afinding.exe [2006-11-02 05:46]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-04-26 01:21]
R2 pinger;pinger;C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 20:47]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-04-27 23:15]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 00:55]
R2 WServing;WServing Service;C:\Windows\system32\wserving.exe [2006-11-02 05:46]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 05:30]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 01:07]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\Windows\system32\DRIVERS\Ma730Pt.sys [2007-03-05 10:42]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;C:\Windows\system32\DRIVERS\Ma730VaA.sys [2007-01-26 17:32]
R3 Ma730Vad;MA730 Bluetooth Audio;C:\Windows\system32\DRIVERS\Ma730Vad.sys [2007-01-26 18:48]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 14:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-13 00:47]
S2 FLEXlm Service 1;FLEXlm Service 1;C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe []
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 01:21]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe []
S3 mamovec;mamovec;C:\Windows\system32\Drivers\mamovec.sys [2005-06-16 18:11]
S3 mamovem;mamovem;C:\Windows\system32\Drivers\mamovem.sys [2005-06-16 18:13]
S3 mamoveu;mamoveu;C:\Windows\system32\DRIVERS\mamoveu.sys [2007-08-13 14:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-06-18 16:19]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-22 20:33]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-06-18 16:18]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2006-02-14 14:50]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2005-09-27 19:57]
S4 KR3NPXP;KR3NPXP;C:\Windows\system32\drivers\kr3npxp.sys [2006-09-27 23:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d29c392-ab61-11dc-9ea6-001b38178db8}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 22:30:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - ron.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-24 20:34:59 C:\Windows\Tasks\User_Feed_Synchronization-{9ACF4B5B-2A40-4C71-9D21-B7E3159453D0}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-04-24 20:35:30 C:\Windows\Tasks\User_Feed_Synchronization-{9FF88E28-4939-4F99-97BC-2D22092C72DF}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 16:27:38
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\NovaStor\NovaBACKUP\NSENGINE.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-24 16:39:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 20:37:46

Pre-Run: 128,799,064,064 bytes free
Post-Run: 128,555,642,880 bytes free

648 --- E O F --- 2008-04-24 19:59:37

---------------------------------------------------------------------------------------------------------------------

Here is the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:39 PM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Program Files\NovaStor\NovaBACKUP\NBKCTRL.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://amc.workbrai...n...e&locale=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMASwitch] "C:\Program Files\CyberLink\PowerDirector\CLDMA.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\

#4
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\1.tsk
F:\LaunchU3.exe

Folder::
C:\Program Files\Video ActiveX Access
C:\PROGRA~1\MYWEBS~1

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d29c392-ab61-11dc-9ea6-001b38178db8}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Reboot and post a new HijackThis log

#5
ParishIsDead
    Member
  • Topic Starter
  • Member
  • 18 posts
Hello,

Thanks again for replying so quickly!!!!!



Here is the new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:17 PM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NovaStor\NovaBACKUP\NBKCTRL.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://amc.workbrai...n...e&locale=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMASwitch] "C:\Program Files\CyberLink\PowerDirector\CLDMA.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccyvWMd.dll,#1
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YouTube Uploader.lnk = Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol..../ServiceMgr.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://parishent.spa...nPUplden-us.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://activation.re...lk_he/setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.obero...aploader_v6.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

--
End of file - 16225 bytes

#6
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log, and do this:


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccyvWMd.dll,#1
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...etup1.0.1.0.cab
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Reboot and post a new HijackThis log

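A defender-side triage script for the kinds of HijackThis entries the helper singled out in the two posts above: the rundll32 [MSServer] entry loading a random-named DLL from system32 by ordinal, the "Unknown owner" AFinding/WServing services in system32, and the "(file missing)" / "(no file)" leftovers. This is an added example, not code from the thread or from HijackThis; the regexes and the random-name heuristic are my own assumptions, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage of HijackThis (HJT) log lines for the patterns acted on in this thread.

Added example, not part of the thread or of HijackThis itself. Three checks:
  * an O4 Run entry that launches rundll32.exe on a DLL in system32 whose name
    looks random or that is invoked by export ordinal (",#1"): the Vundo pattern
    behind the [MSServer] entry;
  * an O23 service with "Unknown owner" whose binary sits in system32
    (afinding.exe, wserving.exe in the logs above);
  * entries ending in "(file missing)" or "(no file)": leftovers worth removing.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: ten lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccyvWMd.dll,#1
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
"""

# Assumed regexes for the HJT line shapes seen in this thread (not HJT's own grammar).
RUNDLL_RE = re.compile(r"rundll32\.exe\s+(?P<dll>[^,]+?\.dll),(?P<export>\S+)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")
SYSTEM32 = "\\windows\\system32\\"

Hit = Optional[Tuple[str, str]]  # (rule, detail) or None


@dataclass
class Finding:
    line_no: int
    rule: str
    detail: str


def looks_random(stem: str) -> bool:
    """Heuristic for Vundo-style random DLL stems such as 'fccyvWMd': all letters,
    6-10 long, and either almost vowel-free or containing an uppercase run that
    starts mid-word. Vendor names like CrazyTalk or oobefldr are not flagged."""
    if not stem.isalpha() or not 6 <= len(stem) <= 10:
        return False
    vowel_ratio = sum(c in "aeiouAEIOU" for c in stem) / len(stem)
    odd_case = re.search(r"[a-z][A-Z]{2,}", stem) is not None
    return vowel_ratio < 0.15 or odd_case


def check_rundll(line: str) -> Hit:
    """Flag rundll32 loads of a system32 DLL that is random-named or called by ordinal."""
    m = RUNDLL_RE.search(line)
    if not m or SYSTEM32 not in m["dll"].lower():
        return None
    stem = m["dll"].rsplit("\\", 1)[-1][:-4]  # strip directory and '.dll'
    reasons = []
    if looks_random(stem):
        reasons.append("random-looking name")
    if m["export"].startswith("#"):
        reasons.append("export called by ordinal")
    if reasons:
        return "vundo-rundll32", f"{m['dll']} ({'; '.join(reasons)})"
    return None


def check_service(line: str) -> Hit:
    """Flag services with no known owner whose executable lives in system32."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    path = m["path"].lower()
    if m["owner"] == "Unknown owner" and SYSTEM32 in path and path.endswith(".exe"):
        return "unknown-system32-service", f"{m['name']} -> {m['path']}"
    return None


def check_orphan(line: str) -> Hit:
    """Flag entries whose target file is gone; harmless but worth cleaning up."""
    if line.endswith("(file missing)") or line.endswith("(no file)"):
        return "orphaned-entry", line.split(" - ", 1)[1]
    return None


CHECKS = (check_rundll, check_service, check_orphan)


def triage(log_text: str) -> List[Finding]:
    """Run every check over each non-empty log line; line numbers are 1-based."""
    findings: List[Finding] = []
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    for no, line in enumerate(lines, 1):
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append(Finding(no, *hit))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2}  {f.rule:<26} {f.detail}")
```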
#7
ParishIsDead
    Member
  • Topic Starter
  • Member
  • 18 posts
Hello,


Here is the log from that website after I scanned the file.

Antivirus Version Last Update Result
AhnLab-V3 2008.4.24.0 2008.04.24 -
AntiVir 7.8.0.8 2008.04.24 TR/Dldr.Delf.gru
Authentium 4.93.8 2008.04.24 -
Avast 4.8.1169.0 2008.04.24 -
AVG 7.5.0.516 2008.04.25 Downloader.Generic7.HGQ
BitDefender 7.2 2008.04.25 -
CAT-QuickHeal 9.50 2008.04.24 TrojanDownloader.Delf.gru
ClamAV 0.92.1 2008.04.24 -
DrWeb 4.44.0.09170 2008.04.24 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5733 2008.04.25 -
Ewido 4.0 2008.04.24 -
F-Prot 4.4.2.54 2008.04.24 W32/D_Downloader!GSA
F-Secure 6.70.13260.0 2008.04.25 Trojan-Downloader.Win32.Delf.gru
FileAdvisor 1 2008.04.25 -
Fortinet 3.14.0.0 2008.04.24 -
Ikarus T3.1.1.26 2008.04.24 Trojan-Dropper.Win32.Delf.se
Kaspersky 7.0.0.125 2008.04.25 Trojan-Downloader.Win32.Delf.gru
McAfee 5281 2008.04.24 -
Microsoft 1.3408 2008.04.22 TrojanDropper:Win32/Delf.SE
NOD32v2 3053 2008.04.24 -
Norman 5.80.02 2008.04.24 -
Panda 9.0.0.4 2008.04.24 Trj/Downloader.MDW
Prevx1 V2 2008.04.25 Generic.Malware
Rising 20.41.32.00 2008.04.24 -
Sophos 4.28.0 2008.04.25 Mal/Generic-A
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.25 -
TheHacker 6.2.92.291 2008.04.24 Trojan/Downloader.Delf.gru
VBA32 3.12.6.5 2008.04.24 Trojan-Downloader.Win32.Delf.gru
VirusBuster 4.3.26:9 2008.04.24 -
Webwasher-Gateway 6.6.2 2008.04.25 Trojan.Dldr.Delf.gru
Additional information
File size: 186880 bytes
MD5...: 4cfd08a706b9c0a6713d7ad6230aa4a9
SHA1..: a35491afcbd3b997aec19e1749bb5e910d68cb5f
SHA256: 1a5ccb8efb18ea4c57a405d8a8fd468a059377ad4ea5e6856cdb73610f2bf2f7
SHA512: 09421aec0836ef062dce7e024f6b3bef8069ac584cf6f164f78def63dfe0821531b882d679daf30d828a9e53f8db224b3d224738217914a79e773405e3c4f9dc
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10027b3c
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x26f3c 0x27000 6.39 929deae9d0ab16763b3a2ebe833b2203
DATA 0x28000 0x964 0xa00 4.10 229ffecbad18e9befcaf86390b19fa53
BSS 0x29000 0xd01 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2a000 0xef2 0x1000 4.67 5c9fad1810cc35cd4afec339ee5b1229
.tls 0x2b000 0xc 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2c000 0x18 0x200 0.26 705af593c60c5d4dc2cc3ce81ff045fb
.reloc 0x2d000 0x285c 0x2a00 6.62 429cc5779827b266c1a7c0cb96cca153
.rsrc 0x30000 0x2000 0x2000 3.91 4b6466176bcb1cbb5bc54ca86132263a

( 12 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCreateKeyExA, RegCloseKey
> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, TerminateProcess, SystemTimeToFileTime, Sleep, SetFileTime, SetFilePointer, SetEvent, SetEndOfFile, ResetEvent, ReadFile, LocalFileTimeToFileTime, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalAlloc, GetVersionExA, GetThreadLocale, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FormatMessageA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateProcessA, CreateFileA, CreateEventA, CompareStringA, CloseHandle
> version.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA
> advapi32.dll: StartServiceCtrlDispatcherA, SetServiceStatus, RegisterServiceCtrlHandlerA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, DeleteService, CreateServiceA, ControlService, CloseServiceHandle
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VarBstrFromBool, VarBstrFromDate, VarBstrFromCy, VarBoolFromStr, VarCyFromStr, VarDateFromStr, VarR8FromStr, VarI4FromStr, VarNot, VarNeg, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit

( 0 exports )

Prevx info: http://info.prevx.co...88DB100155815EC

--------------------------------

Here's a new HijackThis after I rebooted:

--------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:18 PM, on 4/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Program Files\NovaStor\NovaBACKUP\NBKCTRL.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://amc.workbrai...n...e&locale=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMASwitch] "C:\Program Files\CyberLink\PowerDirector\CLDMA.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YouTube Uploader.lnk = Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol..../ServiceMgr.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://parishent.spa...nPUplden-us.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://activation.re...lk_he/setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://myspace.obero...aploader_v6.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

--
End of file - 16369 bytes

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

#9 ParishIsDead (Topic Starter, Member, 18 posts)
Hello,

I have attached the file. But when you said "Reg - File Additional Folder Scans", did you mean "File - Additional Folder Scans" only, or did you mean you wanted "File - Additional Folder Scans" AND "Reg - File Associations"?

Anyway, I left out the "Reg - File Associations" just in case.

Attached Files



#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> afinding.exe -> %SystemRoot%\System32\afinding.exe
[Win32 Services - Non-Microsoft Only]
YY -> (AFinding) AFinding Service [Win32_Own | Auto | Running] -> %SystemRoot%\System32\afinding.exe
YY -> (MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> 00TCrdMain -> [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe]
YN -> HSON -> [%ProgramFiles%\TOSHIBA\TBS\HSON.exe]
YN -> HWSetup -> [\HWSetup.exe hwSetUP]
YN -> NDSTray.exe -> [NDSTray.exe]
YN -> SmoothView -> [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe]
YN -> TPwrMain -> [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE]
YN -> Windows Defender -> [%ProgramFiles%\Windows Defender\MSASCui.exe -hide]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Google Update -> %SystemDrive%\Users\Parish Enterprises\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe ["C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en]
YN -> TOSCDSPD -> [TOSCDSPD.EXE]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem]
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Sidebar -> [%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem]
< Run [HKEY_USERS\S-1-5-21-1272644403-126684899-3784368222-1003\] > -> HKEY_USERS\S-1-5-21-1272644403-126684899-3784368222-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> Google Update -> %SystemDrive%\Users\Parish Enterprises\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe ["C:\Users\Ron Oliver\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en]
YN -> TOSCDSPD -> [TOSCDSPD.EXE]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearch\bar\3.bin\MWSBAR.DLL [My Web Search]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1272644403-126684899-3784368222-1003\] > -> HKEY_USERS\S-1-5-21-1272644403-126684899-3784368222-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MyWebSearch\bar\3.bin\MWSBAR.DLL [My Web Search]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec -> %SystemDrive%\Users\ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk [Run IMVU]
YN -> {F72A7B0E-0DD8-11D1-BD6E-00AA00B92AF1}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Add to Windows &Live Favorites ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Add to Windows &Live Favorites ->
[Files/Folders - Created Within 90 days]
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> pskt.ini -> %AllUsersProfile%\pskt.ini
NY -> WildTangent -> %AppData%\WildTangent
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> WildTangent -> %AppData%\WildTangent
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Reboot and post a new HijackThis log
#11 ParishIsDead (Topic Starter, Member, 18 posts)
Hello,

I have attached the two logs that you have requested.

Attached Files



#12 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Can you post a new HijackThis log? Don't attach it, though.

#13 ParishIsDead (Topic Starter, Member, 18 posts)
Here you are


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:16 PM, on 4/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://amc.workbrai...n...e&locale=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMASwitch] "C:\Program Files\CyberLink\PowerDirector\CLDMA.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YouTube Uploader.lnk = Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol..../ServiceMgr.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://parishent.spa...nPUplden-us.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://activation.re...lk_he/setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

--
End of file - 14641 bytes
  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
sc stop AFinding
sc delete AFinding
sc stop perfmons
sc delete perfmons
sc stop WServing
sc delete WServing
del C:\Windows\system32\afinding.exe
del C:\Windows\system32\perfs.exe
del C:\Windows\system32\wserving.exe
del FixService.bat


Click on 'File' then 'Save As'.
In the Save in drop down box select Desktop.
In the File name box type in FixService.bat.
In the Save as type drop down box select All Files.
Close Notepad.

Now, find FixService.bat on your Desktop and Double click it
A window will open and close; do not be concerned, this is normal.


Reboot and post a new HijackThis log
  • 0
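The batch file above acts on three O23 (service) entries from the log. As an added example, not the helper's or HijackThis's own code, the following Python parses O23 lines, flags the pattern the helper acted on (no known publisher plus a binary sitting directly in system32) as candidates for review, and checks a follow-up log for services a removal script should have deleted; the parsing regex and the heuristics are my own assumptions about the log layout. Run over the O23 lines of the next log in this thread it reports AFinding, perfmons and WServing as still registered, which is what that log shows.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: O23 (installed service) lines copied from the HijackThis logs in this thread.
SAMPLE_O23 = r"""
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe (file missing)
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe
"""
# Assumed O23 layout: "O23 - Service: <display> [(<short>)] - <owner> - <path> [(file missing)]";
# the owner can be empty (see lxdd_device), so the separator is "-" with optional leading space.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?)(?: \((?P<short>[^()]*)\))?"
    r"\s*-\s+(?P<owner>.*?)\s*-\s+(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = "\\windows\\system32\\"

class Service(NamedTuple):
    name: str
    short: str      # sc.exe service name; empty when HijackThis printed none
    owner: str
    path: str
    missing: bool   # HijackThis appended "(file missing)"

def parse_o23(text: str) -> List[Service]:
    """Parse every O23 line in a HijackThis log; all other lines are ignored."""
    services = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append(Service(m["name"], m["short"] or "", m["owner"],
                                    m["path"], m["missing"] is not None))
    return services

def suspicious(svc: Service) -> Optional[str]:
    """Reason a service deserves a second look, or None. A review heuristic, not a verdict:
    it mirrors what the helper acted on here, and also flags entries whose binary is gone."""
    if svc.owner == "Unknown owner" and SYSTEM32 in svc.path.lower():
        return "unknown publisher and binary in system32"
    if svc.missing:
        return "service still registered but its binary is missing"
    return None

def triage(text: str) -> dict:
    """Map service name -> reason for every flagged service in the log."""
    flagged = {}
    for svc in parse_o23(text):
        reason = suspicious(svc)
        if reason:
            flagged[svc.short or svc.name] = reason
    return flagged

def services_still_present(after_log: str, removed: List[str]) -> List[str]:
    """Names a removal script targeted that still show up as O23 entries in a later log."""
    present = {svc.short or svc.name for svc in parse_o23(after_log)}
    return sorted(set(removed) & present)
```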

#15
ParishIsDead

    Member

  • Topic Starter
  • Member
  • 18 posts
Here you go:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:17 PM, on 4/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ulead Systems\Autodetector\Monitor.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Program Files\NovaStor\NovaBACKUP\NBKCTRL.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://amc.workbrai...n...e&locale=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [DMASwitch] "C:\Program Files\CyberLink\PowerDirector\CLDMA.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [NovaBackup 7 Tray Control] "C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\Windows\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YouTube Uploader.lnk = Ron Oliver\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol..../ServiceMgr.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://parishent.spa...nPUplden-us.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://activation.re...lk_he/setup.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.2.1.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXlm Service 1 - Unknown owner - C:\Users\Ron Oliver\Downloads\acad\Autodesk Network License Manager\lmgrd.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe

--
End of file - 14702 bytes
  • 0