explorer.exe; svchost.exe; and rundll32.exe seem to be the major problems, not to mention a load of spyware, viruses, and trojans which have been so far, undetectable, yet ever so present.

Enumerated, for easy reading, are my problems:

1.) I am requesting assistance in recovering my HP dv8000 [custom built] laptop.
2.) Firefox does not function properly; upon load, my default google homepage is loaded, along with a secondary tab, which leads to a "scam" antivirus link, advising the installation of some adware scanner. [pure bogus]

2a.) Upon "Google Searching," I found a post with similar issues, in regards to the website being pulled up.
[link to forum: http://forum.dobreprogramy.pl/viewtopic.ph...6&p=1605439]
[COPY of website attempted to be loaded: http://83.149.75.33/info.png?cmp=ghrnc&...d=http&z=cl] <-- Do Not OPEN

3.) Internet access to desired websites is highly limited, and non-functional.
4.) I have Kaspersky Internet Security; receives continuous warnings that "so&so file" is attempting access to the internet, and is suspicious. These are files which have never, to my knowledge trigered an alert. So far, they are as follows: explorer.exe, rundll32.exe, and svchost.exe *which should access internet, but not in this way.*
5. Additional alerts inform me that the aforementioned files / executables are "attempting to load new or modified modules."

=======
I have attached, for your review, a copy of my HijackThisLog file, and wait upon your assistance.

Thanks in advance for your time, and I hope to hear from you!


~High-School Student.

This post has been edited by mhilliard_13: May 18 2008, 09:03 AM

Hello mhilliard_13 and Welcome to Geeks To Go!

Sorry for the delay, been a busy this week.
I have reviewed your log and found traces of malware on your system. Please stick with me until we get you cleaned up.
Read this post completely before proceeding with the fix. If you have questions regarding my instructions, please don't hesitate to ask.

Let's start.

First,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Then,

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Finally,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please post back with the following logs.

- Malwarebytes log
- SuperAntispyware log
- DSS log ->> Main and Extra

All the programs you instructed me to install & utilize seemed to work swell.

Attached hereto, for your review, are the logs created by these programs:

- Malwarebytes' Anti-Malware
- SUPERAntiSpyware Free for Home Users
- Deckard's System Scanner (DSS)

**********************************************************************
** Note: All of the above are enclosed as an attachment below. **


I patiently await your timely reply. Thanks in advance!

This post has been edited by mhilliard_13: May 18 2008, 12:07 PM

Ah! I don't know what's occurred, as of now.
Windows update automatically downloaded 87 updates, completed their installation, restarted, and now I get error messages stating the following:

GrooveMonitor.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

dwwin.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

SynTPStart.exe - Ordinal Not Found
The ordinal 13 could not be located in the dynamic link library iertutil.dll.

I'm not quite sure how to fix this, and also need help with this error, as well.

This post has been edited by mhilliard_13: May 18 2008, 05:43 PM

We'll figure that one out later. Right now, let's focus on getting your system cleaned up.
Oh and no next attaching logs. Pasting them on your post will do. Makes it much easier to read.

Next,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   -----------------------------------------------------------
   
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
     
     -----------------------------------------------------------
   
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
   
   
   -----------------------------------------------------------
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

ComboFix 08-05-15.3 - Michael Hilliard 2008-05-18 23:00:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526 [GMT -5:00]
Running from: C:\Documents and Settings\Michael Hilliard\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 22:32 . 2008-05-18 22:32 0 --a--c--- C:\WINDOWS\system32\dllcache\SET681.tmp
2008-05-18 20:22 . 2008-05-18 20:22 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-05-18 20:22 . 2008-05-18 20:22 23,552 --a------ C:\WINDOWS\xobglu32.dll
2008-05-18 18:58 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-18 18:58 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-18 18:58 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-18 18:58 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-18 18:58 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-18 18:58 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-18 18:58 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-18 18:58 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-18 18:58 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\Talkback
2008-05-18 12:36 . 2008-05-18 12:36 <DIR> d-------- C:\Deckard
2008-05-18 10:41 . 2008-05-18 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 10:40 . 2008-05-18 10:40 <DIR> d-------- C:\Documents and Settings\Michael Hilliard\Application Data\SUPERAntiSpyware.com
2008-05-17 19:48 . 2008-05-17 19:48 27 --a------ C:\WINDOWS\SmartAudio.INI
2008-05-17 17:52 . 2008-05-17 17:52 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 15:14 . 2008-05-17 15:14 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 15:14 . 2008-05-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 15:04 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-17 15:04 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-05-17 15:03 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-05-17 15:03 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-05-17 15:03 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-05-17 15:03 . 2004-08-03 23:10 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-05-17 15:03 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-17 15:03 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-05-17 15:03 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-05-17 15:03 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-05-17 15:01 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-17 14:56 . 2006-03-15 07:00 221,184 --a--c--- C:\WINDOWS\system32\dllcache\wmpns.dll
2008-05-17 14:56 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-17 14:56 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-17 14:51 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-05-17 14:48 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-05-17 14:47 . 2001-08-17 22:36 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-05-17 14:46 . 2006-03-15 07:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-05-17 14:45 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-05-17 14:45 . 2001-08-17 12:10 35,871 --a--c--- C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-05-17 14:45 . 2004-08-03 23:08 31,744 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-17 14:45 . 2004-08-03 22:29 23,615 --a--c--- C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-05-17 14:42 . 2004-08-03 22:29 33,599 --a--c--- C:\WINDOWS\system32\dllcache\watv04nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 29,311 --a--c--- C:\WINDOWS\system32\dllcache\watv01nt.sys
2008-05-17 14:42 . 2004-08-03 22:29 19,551 --a--c--- C:\WINDOWS\system32\dllcache\watv02nt.sys
2008-05-17 14:41 . 2004-08-03 22:29 11,775 --a--c--- C:\WINDOWS\system32\dllcache\wadv05nt.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2008-05-17 14:40 . 2001-08-17 12:13 16,925 --a--c--- C:\WINDOWS\system32\dllcache\w940nd.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,415 --a--c--- C:\WINDOWS\system32\dllcache\wadv01nt.sys
2008-05-17 14:40 . 2004-08-03 22:29 12,127 --a--c--- C:\WINDOWS\system32\dllcache\wadv02nt.sys
2008-05-17 14:39 . 2006-03-15 07:00 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-05-17 14:38 . 2006-03-15 07:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\w3svapi.dll
2008-05-17 14:37 . 2001-08-17 13:28 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2008-05-17 14:35 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-17 14:34 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-17 14:33 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-17 14:32 . 2001-08-17 13:52 36,736 --a--c--- C:\WINDOWS\system32\dllcache\ultra.sys
2008-05-17 14:31 . 2006-03-15 07:00 103,424 --a--c--- C:\WINDOWS\system32\dllcache\uihelper.dll
2008-05-17 14:31 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-17 14:29 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-17 14:29 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-17 14:27 . 2004-08-03 23:00 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-17 14:27 . 2001-08-17 12:51 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-05-17 14:27 . 2001-08-17 12:14 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-05-17 14:27 . 2001-08-17 14:56 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2008-05-17 14:27 . 2001-08-17 12:13 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2008-05-17 14:27 . 2001-08-17 12:13 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-05-17 14:26 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-17 14:26 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-17 14:26 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-17 14:26 . 2001-08-17 14:07 32,640 --a--c--- C:\WINDOWS\system32\dllcache\symc8xx.sys
2008-05-17 14:26 . 2001-08-17 14:07 30,688 --a--c--- C:\WINDOWS\system32\dllcache\sym_u3.sys
2008-05-17 14:26 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-17 14:26 . 2001-08-17 14:07 28,384 --a--c--- C:\WINDOWS\system32\dllcache\sym_hi.sys
2008-05-17 14:26 . 2001-08-17 14:07 16,256 --a--c--- C:\WINDOWS\system32\dllcache\symc810.sys
2008-05-17 14:26 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-17 14:23 . 2006-03-15 07:00 45,056 --a--c--- C:\WINDOWS\system32\dllcache\ssinc51.dll
2008-05-17 14:22 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-17 14:21 . 2006-03-15 07:00 101,376 --a--c--- C:\WINDOWS\system32\dllcache\srusbusd.dll
2008-05-17 14:21 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-17 14:20 . 2001-08-17 22:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2008-05-17 14:20 . 2001-08-17 22:36 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2008-05-17 14:20 . 2001-08-17 13:51 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2008-05-17 14:20 . 2001-08-17 12:51 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2008-05-17 14:20 . 2001-08-17 22:36 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-05-17 14:20 . 2001-08-17 14:07 19,072 --a--c--- C:\WINDOWS\system32\dllcache\sparrow.sys
2008-05-17 14:20 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-05-17 14:19 . 2001-08-17 12:51 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2008-05-17 14:19 . 2001-08-17 12:51 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2008-05-17 14:19 . 2001-08-17 13:53 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2008-05-17 14:19 . 2004-08-03 23:00 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-17 14:19 . 2001-08-17 13:53 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-05-17 14:17 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-17 14:17 . 2006-03-15 07:00 15,872 --a--c--- C:\WINDOWS\system32\dllcache\smierrsm.dll
2008-05-17 14:16 . 2001-08-17 12:10 35,913 --a--c--- C:\WINDOWS\system32\dllcache\smcirda.sys
2008-05-17 14:16 . 2001-08-17 12:12 25,034 --a--c--- C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2008-05-17 14:16 . 2001-08-17 12:12 24,576 --a--c--- C:\WINDOWS\system32\dllcache\smc8000n.sys
2008-05-17 14:16 . 2004-08-03 23:07 16,128 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-17 14:16 . 2004-08-03 23:07 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-17 14:16 . 2001-08-17 13:57 6,784 --a--c--- C:\WINDOWS\system32\dllcache\smbhc.sys
2008-05-17 14:15 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\smb3w.dll
2008-05-17 14:15 . 2001-08-17 22:36 33,792 --a--c--- C:\WINDOWS\system32\dllcache\smb0w.dll
2008-05-17 14:15 . 2006-03-15 07:00 31,744 --a--c--- C:\WINDOWS\system32\dllcache\smb6w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,672 --a--c--- C:\WINDOWS\system32\dllcache\sma0w.dll
2008-05-17 14:15 . 2001-08-17 22:36 28,160 --a--c--- C:\WINDOWS\system32\dllcache\sm91w.dll
2008-05-17 14:13 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-17 14:13 . 2006-03-15 07:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\simptcp.dll
2008-05-17 14:12 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-17 14:12 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-17 14:12 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-17 14:12 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-17 14:12 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-17 14:12 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-05-17 14:12 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-17 14:10 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-05-17 14:09 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-17 14:09 . 2001-08-17 13:28 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-05-17 14:09 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-17 14:09 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-17 14:09 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\qvusd.dll
2008-05-17 14:09 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-17 14:09 . 2001-08-17 13:51 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 20:18 3,545,600 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-04-22 21:07 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-22 21:01 --------- d-----w C:\Program Files\Windows Plus
2008-04-14 00:11 94,208 ----a-w C:\WINDOWS\system32\eappgnui.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 00:09 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:40 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 16:36 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 01:01 142,848 ----a-w C:\WINDOWS\system32\IESetting.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SETE7.tmp
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SETA3.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SETA4.tmp
.

((((((((((((((((((((((((((((( snapshot_2008-05-18_22.52.06.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 03:49:37 12,956,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2008-05-19 04:02:38 13,006,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
- 2008-05-19 03:46:37 991,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
+ 2008-05-19 04:02:28 992,800 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 13:27 65536]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 10:56 409600]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 11:18 49152]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 07:39 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-15 07:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 07:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 07:00 59392]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-15 07:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-03-15 07:00 455168]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]

C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\Michael Hilliard\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-04-23 23:49:24 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-05-14 20:40 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Client Default.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Client Default.lnk
backup=C:\WINDOWS\pss\Client Default.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=C:\WINDOWS\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Michael Hilliard^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Michael Hilliard\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GlassToast]
--a------ 2007-02-01 17:26 860160 C:\Documents and Settings\Michael Hilliard\Desktop\glasstoast\glasstoast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 14:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-11-16 08:30 503808 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2006-03-15 07:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--ahs---- 2008-04-13 19:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Value #1]
C:\Documents and Settings\Michael Hilliard\Desktop\vistart_2661_english_skin_default OLDDD\vistart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-04-15 17:26 7561216 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-04-15 17:26 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-04-15 17:26 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2006-03-15 07:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 11:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 C:\Program Files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-09-15 02:27 1015808 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 13:40 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
--a------ 2007-11-16 01:40 1937920 C:\Program Files\TopDesk\topdesk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"NSCService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5daf40ae-114b-11dd-9ea5-0016d434dde6}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c10eae7f-1168-11dd-9ea8-0016d434dde6}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 23:02:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-18 23:04:00
ComboFix-quarantined-files.txt 2008-05-19 04:03:52
ComboFix2.txt 2008-05-19 03:53:46
ComboFix3.txt 2008-05-18 01:25:56

Pre-Run: 78,857,793,536 bytes free
Post-Run: 78,838,525,952 bytes free

340 --- E O F --- 2008-05-19 03:02:39


This post has been edited by mhilliard_13: May 18 2008, 10:04 PM

Attached is the HJT Log:

*****************************************************************88
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /nodetect
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\lclock.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1209267429781
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10663 bytes

Ok next,

Please download DAFT and save it to your desktop:

1. Double-click the daft.exe icon.
2. Click on the Scan button.
3. Select everything it is displaying there
4. Click the Fix button.
5. Then rescan with DAFT again - it should say now that "All associations are OK"
6. Close DAFT if you receive that message. This means that it is fixed now.

Then post back with a DAFT log along with a new DSS main.txt

Daft.txt log is as follows:

DAFT Log saved on 2008-05-20 16:37:04
-----------------------------------------------------------------------
All associations okay!

Deckard's log is as follows:

Deckard's System Scanner v20071014.68
Run by Michael Hilliard on 2008-05-20 16:37:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Michael Hilliard.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Progr