Windows security alert spyware infection detected [RESOLVED], 2 red shields???
jet27
post Aug 6 2007, 12:21 AM
Post #1


New Member
Posts: 6
OS: Windows XP



Today, I had a red shield pop up in the lower right corner saying that a spyware infection has been detected. When I click on it, it asks, would you like to update your security software and download System Live Protect?? I have my other window security alert icon too. So, I have 2 red shields, the one in question, the white X on it is bigger. I'm wondering if I can get some help??

Logfile of HijackThis v1.99.1
Scan saved at 1:17:41 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [PaperPort 8.0 SE Registration Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\djrwdtya.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: To-do List.lnk = C:\Program Files\HTP\To-do List\todolist.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200605...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Insaniquarium Deluxe\Images\stg_drm.ocx
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156482906293
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156514192078
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E39FEDC3-8B80-428F-A2DE-6A09D67704EF} - http://www.clixies.com/plugin/Clixies.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

ows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\pipmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Shell Browser Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\system32\browsemu.dll
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll (file missing)
O2 - BHO: (no name) - {4A3817BD-EB24-4D45-B6A5-6996B9319977} - C:\WINDOWS\system32\ssqpq.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ljixfrwl.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINDOWS\system32\urqrrrq.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [pipmon] pipmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [PaperPort 8.0 SE Registration Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\djrwdtya.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: To-do List.lnk = C:\Program Files\HTP\To-do List\todolist.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200605...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Insaniquarium Deluxe\Images\stg_drm.ocx
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156482906293
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156514192078
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E39FEDC3-8B80-428F-A2DE-6A09D67704EF} - http://www.clixies.com/plugin/Clixies.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\ssqpq.dll
O20 - Winlogon Notify: urqrrrq - C:\WINDOWS\SYSTEM32\urqrrrq.dll
O20 - Winlogon Notify: winjyp32 - C:\WINDOWS\SYSTEM32\winjyp32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

--
End of file - 9581 bytes




300_saver_01
Abexo Free Registry Cleaner
AI RoboForm (All Users)
Alice Greenfingers
Alice Greenfingers
ArcSoft PhotoStudio 5.5
AVG Anti-Spyware 7.5
Birdies
BitZip (remove only)
BitZipper 5.0.1
Broadcom 440x Driver Installer
Broadcom Advanced Control Suite
Canon CanoScan Toolbox 4.9
Canon i960
Canon ScanGear Starter
Coffee Tycoon
Da Vinci's Secret
DivX Codec
Doras Carnival 2 - At the Boardwalk (remove only)
Dora's Carnival 2: Boardwalk Adventure
Dora's World Adventure
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.8
Escape From Paradise
Escape From Paradise (remove only)
Fairy Godmother Tycoon
Fish Tycoon
FTDI USB Serial Converter Drivers
Happy Hour
HijackThis 2.0.0
Ice Cream Tycoon
Insaniquarium Deluxe
Intel® Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 9
Lemonade Tycoon
Lemonade Tycoon 2
Manual CanoScan LiDE 25
Meeting Manager for Netscape Navigator and Mozilla
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Mystery P.I. - The Lottery Ticket
Nanny Mania
PaperPort 8.0 SE
Personal ImageManager
Plantasia
QuickTime
RealArcade
RegistryFix v6.1
Roller Rush Deluxe
SAMSUNG CDMA Modem Driver Set
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shipping Assistant 3.1
Shoppers' Hotline Control Center
SoundMAX
Stand O' Food
To-do List 2.4.0
Tropix
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB927891)
Update for Windows XP (KB936357)
Video Professor Virus Protection 1.03
Virtools 3D Life Player
Virtual Villagers
Westward
Westward
Windows Defender Signatures
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 2002
WordPerfect Office 2002
Rawe
post Aug 6 2007, 01:37 AM
Post #2


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Hello and welcome aboard :)

Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
jet27
post Aug 6 2007, 12:43 PM
Post #3


New Member
Posts: 6
OS: Windows XP



Here is the report. Also, just to let you know, when my computer starts up, it takes about 10 minutes before the shield pops up.

ComboFix 07-08-04.3 - "Owner" 2007-08-06 13:24:26.1 [GMT -5:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\iifefee.dll
C:\WINDOWS\system32\ljixfrwl.dll
C:\WINDOWS\system32\pfpgnxcb.exe
C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\rqrpoll.dll
C:\WINDOWS\system32\srvswc2.dll
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\urqrrrq.dll
C:\WINDOWS\system32\winjyp32.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-06 13:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 01:29 <DIR> d-------- C:\Program Files\Beauty Factory
2007-08-05 23:10 125,504 --a------ C:\WINDOWS\system32\djrwdtya.dll
2007-08-05 17:51 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-05 17:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-08-05 17:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-05 11:36 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-05 11:27 1,886 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-05 11:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 11:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-05 11:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 10:52 51,200 --a------ C:\umbk.exe
2007-08-05 10:52 32,768 --a------ C:\WINDOWS\system32\pipmon.exe
2007-08-05 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-08-05 10:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\GoodSync
2007-08-04 18:06 <DIR> d-------- C:\Program Files\HTP
2007-08-04 13:56 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe
2007-08-04 13:56 77,890 --a------ C:\WINDOWS\system32\FTLang.dll
2007-08-04 13:56 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-08-04 13:56 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-08-04 13:56 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-08-04 13:56 159,744 --a------ C:\WINDOWS\system32\Neto.dll
2007-08-04 13:56 151,552 --a------ C:\WINDOWS\system32\LoadDll.dll
2007-08-04 13:56 <DIR> d-------- C:\Program Files\Shoppers Hotline
2007-08-01 14:43 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
2007-07-31 01:36 <DIR> d-------- C:\DOCUME~1\Owner\data
2007-07-30 08:49 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2007-07-30 08:49 <DIR> d-------- C:\OpenSSL
2007-07-30 07:36 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SpeedBit
2007-07-30 07:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
2007-07-29 20:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-07-28 23:01 19 --a------ C:\WINDOWS\popcinfo.dat
2007-07-28 14:47 <DIR> d-------- C:\Program Files\Tropix
2007-07-28 14:45 <DIR> d-------- C:\Program Files\Insaniquarium Deluxe
2007-07-28 14:42 <DIR> d-------- C:\Program Files\Mystery P.I. - The Lottery Ticket
2007-07-26 20:38 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Chicken Chase
2007-07-26 17:45 <DIR> d-------- C:\Program Files\Coffee Tycoon
2007-07-26 17:44 <DIR> d-------- C:\Program Files\Ice Cream Tycoon
2007-07-26 17:41 <DIR> d-------- C:\Program Files\Lemonade Tycoon 2
2007-07-26 17:41 <DIR> d-------- C:\Program Files\Lemonade Tycoon
2007-07-26 17:36 <DIR> d-------- C:\Sim City 4
2007-07-26 17:32 <DIR> d-------- C:\Program Files\Fairy Godmother Tycoon
2007-07-26 17:30 <DIR> d-------- C:\Program Files\Plantasia
2007-07-25 16:06 <DIR> d-------- C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
2007-07-24 16:31 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-24 16:31 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-24 16:31 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-07-24 16:31 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-24 16:31 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-07-24 16:31 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-24 16:31 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-24 16:31 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-07-24 16:31 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-24 16:31 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-24 16:31 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-24 16:31 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-24 16:31 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-24 16:31 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-24 16:31 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-24 16:31 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-24 16:31 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-24 16:31 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-24 16:31 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-24 15:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-07-23 02:19 <DIR> d-------- C:\Program Files\Westward
2007-07-22 16:53 673 --a------ C:\WINDOWS\wwwconfig.dat
2007-07-22 16:43 <DIR> d-------- C:\Program Files\Profitville
2007-07-22 16:37 40,960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2007-07-22 16:37 <DIR> d-------- C:\Program Files\Fish Tycoon
2007-07-22 16:35 <DIR> d-------- C:\Program Files\Happy Hour
2007-07-22 16:35 <DIR> d-------- C:\Program Files\Birdies
2007-07-21 23:11 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-07-21 11:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Big Fish Games
2007-07-21 11:09 <DIR> d-------- C:\DOCUME~1\Owner\Saved Games
2007-07-17 00:49 <DIR> d-------- C:\Program Files\Alice Greenfingers
2007-07-16 00:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\My Games
2007-07-15 23:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\iWin
2007-07-15 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
2007-07-11 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-09 19:41 <DIR> d-------- C:\Program Files\WildGames
2007-07-09 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
2007-07-09 17:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Canon
2007-07-09 17:14 <DIR> d-------- C:\Program Files\Canon
2007-07-09 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-07-09 17:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-07-09 17:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-07-09 17:10 57,344 --a------ C:\WINDOWS\system32\CNQU110.DLL
2007-07-09 17:10 352,256 --a------ C:\WINDOWS\system32\CNQL1213.DLL
2007-07-09 17:10 <DIR> d--h----- C:\CanoScan
2007-07-07 17:01 <DIR> d-------- C:\Program Files\BitZipper
2007-07-07 17:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitZipper
2007-07-07 16:42 <DIR> d-------- C:\Program Files\Escape From Paradise


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 23:31 --------- d-------- C:\Program Files\GameHouse
2007-08-05 11:02 --------- d-------- C:\Program Files\Siber Systems
2007-08-04 15:57 6934 --a------ C:\WINDOWS\mozver.dat
2007-08-04 13:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 13:52 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\.BitZip
2007-08-01 16:40 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Help
2007-07-31 03:10 --------- d-------- C:\Program Files\Yahoo! Games
2007-07-26 20:21 --------- d-------- C:\Program Files\PlayFirst
2007-07-17 20:59 --------- d-------- C:\Program Files\Doras Carnival 2 At the Boardwalk
2007-07-15 23:46 --------- d-------- C:\Program Files\hp deskjet 3820 series
2007-07-15 23:35 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-15 23:34 --------- d-------- C:\Program Files\Nick Jr. Arcade
2007-07-15 23:30 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\GameHouse
2007-07-09 17:12 --------- d-------- C:\Program Files\Common Files\scansoft shared
2007-07-09 17:12 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-05 00:13 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Gamelab
2007-07-02 17:59 437 --a------ C:\WINDOWS\PowerReg.dat
2007-06-30 19:09 --------- d-------- C:\Program Files\Snowy Lunch Rush
2007-06-30 19:09 --------- d-------- C:\Program Files\Burger Island(2)
2007-06-30 19:09 --------- d-------- C:\Program Files\Burger Island
2007-06-30 19:09 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-06-30 19:09 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
2007-06-30 19:09 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\NewzToolz
2007-06-30 15:46 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-06-30 15:44 287 --a------ C:\WINDOWS\bbbconfig.dat
2007-06-29 14:22 --------- d-------- C:\Program Files\Games
2007-06-29 14:02 4096 --a------ C:\WINDOWS\d3dx.dat
2007-06-29 01:38 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Sandlot Games
2007-06-28 21:03 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
2007-06-28 18:53 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SpinTop
2007-06-16 02:02 --------- d-------- C:\Program Files\Zylom Games
2007-06-16 02:02 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Zylom
2007-06-15 09:11 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Gaijin Ent
2007-06-15 00:53 --------- d-------- C:\Program Files\Burger Rush
2007-06-15 00:41 --------- d-------- C:\Program Files\ReflexiveArcade
2007-06-14 13:17 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-06-14 13:17 --------- d-------- C:\Program Files\Real
2007-06-14 13:17 --------- d-------- C:\Program Files\Common Files\Real
2007-06-12 19:46 --------- d-------- C:\Program Files\Google
2007-06-11 11:22 50 --a------ C:\WINDOWS\system32\Mf520def.dat
2007-05-20 23:39 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-09 17:15 38 --a------ C:\WINDOWS\system32\hnetcom2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00534B55-3155-CA4F-B41D-0E922121D03C}]
2007-02-14 13:35 0 --a------ C:\WINDOWS\system32\browsemu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{397D7D63-816E-4ECF-8761-775C932C5CF1}]
C:\WINDOWS\iDonate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" []
"PaperPort 8.0 SE Registration Reminder"="C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" []
"NetMeter"="C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" []
"pipmon"="pipmon.exe" [2007-08-05 10:52 C:\WINDOWS\system32\pipmon.exe]
"SetDefPrt"="C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-02-11 09:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
To-do List.lnk - C:\Program Files\HTP\To-do List\todolist.exe [2005-04-18 01:59:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
backup=C:\WINDOWS\pss\eFax 4.2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashSurfers CashBar Navigator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
S3 FTDIBUS;USB Serial Converter Driver;C:\WINDOWS\system32\drivers\ftdibus.sys
S3 FTSER2K;USB Serial Port Driver;C:\WINDOWS\system32\drivers\ftser2k.sys
S3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


Contents of the 'Scheduled Tasks' folder
2007-06-11 16:31:51 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 13:36:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 13:38:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-06 13:38

--- E O F ---
Rawe
post Aug 7 2007, 02:13 AM
Post #4


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Let's continue :)

Open notepad and copy/paste the text in the quotebox into it

QUOTE
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pipmon"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashSurfers CashBar Navigator]

File::
C:\WINDOWS\system32\djrwdtya.dll
C:\umbk.exe
C:\WINDOWS\bbbconfig.dat
C:\WINDOWS\d3dx.dat
C:\WINDOWS\system32\Mf520def.dat
C:\WINDOWS\system32\browsemu.dll
C:\WINDOWS\iDonate.dll
C:\WINDOWS\system32\pipmon.exe


Save it as CFScript.txt on your desktop.



Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

====

Along with this log,
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy.."
  • Click on "Scan"
  • Click on "Save Log..."
  • Copy and paste the list from the notebook onto your post along with the combofix one. :)
jet27
post Aug 7 2007, 12:09 PM
Post #5


New Member
Posts: 6
OS: Windows XP



The second log did not produce anything. So, this is the only log for you.



ComboFix 07-08-04.3 - "Owner" 2007-08-07 13:00:19.2 [GMT -5:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\umbk.exe
C:\WINDOWS\bbbconfig.dat
C:\WINDOWS\d3dx.dat
C:\WINDOWS\system32\djrwdtya.dll
C:\WINDOWS\system32\Mf520def.dat
C:\WINDOWS\system32\pipmon.exe


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-06 13:23 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-06 01:29 <DIR> d-------- C:\Program Files\Beauty Factory
2007-08-05 17:51 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-05 17:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\DivX
2007-08-05 17:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-05 11:36 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-05 11:27 1,886 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-05 11:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-08-05 11:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-05 11:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-05 10:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-08-05 10:21 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\GoodSync
2007-08-04 18:06 <DIR> d-------- C:\Program Files\HTP
2007-08-04 13:56 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe
2007-08-04 13:56 77,890 --a------ C:\WINDOWS\system32\FTLang.dll
2007-08-04 13:56 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-08-04 13:56 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll
2007-08-04 13:56 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-08-04 13:56 159,744 --a------ C:\WINDOWS\system32\Neto.dll
2007-08-04 13:56 151,552 --a------ C:\WINDOWS\system32\LoadDll.dll
2007-08-04 13:56 <DIR> d-------- C:\Program Files\Shoppers Hotline
2007-08-01 14:43 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\ArcSoft
2007-07-31 01:36 <DIR> d-------- C:\DOCUME~1\Owner\data
2007-07-30 08:49 196,608 --a------ C:\WINDOWS\system32\libssl32.dll
2007-07-30 08:49 <DIR> d-------- C:\OpenSSL
2007-07-30 07:36 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SpeedBit
2007-07-30 07:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpeedBit
2007-07-29 20:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-07-28 23:01 19 --a------ C:\WINDOWS\popcinfo.dat
2007-07-28 14:47 <DIR> d-------- C:\Program Files\Tropix
2007-07-28 14:45 <DIR> d-------- C:\Program Files\Insaniquarium Deluxe
2007-07-28 14:42 <DIR> d-------- C:\Program Files\Mystery P.I. - The Lottery Ticket
2007-07-26 20:38 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Chicken Chase
2007-07-26 17:45 <DIR> d-------- C:\Program Files\Coffee Tycoon
2007-07-26 17:44 <DIR> d-------- C:\Program Files\Ice Cream Tycoon
2007-07-26 17:41 <DIR> d-------- C:\Program Files\Lemonade Tycoon 2
2007-07-26 17:41 <DIR> d-------- C:\Program Files\Lemonade Tycoon
2007-07-26 17:36 <DIR> d-------- C:\Sim City 4
2007-07-26 17:32 <DIR> d-------- C:\Program Files\Fairy Godmother Tycoon
2007-07-26 17:30 <DIR> d-------- C:\Program Files\Plantasia
2007-07-25 16:06 <DIR> d-------- C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
2007-07-24 16:31 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-24 16:31 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-24 16:31 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-07-24 16:31 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-24 16:31 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-07-24 16:31 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-24 16:31 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-24 16:31 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-07-24 16:31 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-24 16:31 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-24 16:31 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-24 16:31 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-24 16:31 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-24 16:31 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-24 16:31 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-24 16:31 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-24 16:31 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-24 16:31 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-07-24 16:31 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-24 15:51 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-07-23 02:19 <DIR> d-------- C:\Program Files\Westward
2007-07-22 16:53 673 --a------ C:\WINDOWS\wwwconfig.dat
2007-07-22 16:43 <DIR> d-------- C:\Program Files\Profitville
2007-07-22 16:37 40,960 --a------ C:\WINDOWS\system32\Fish Tycoon.scr
2007-07-22 16:37 <DIR> d-------- C:\Program Files\Fish Tycoon
2007-07-22 16:35 <DIR> d-------- C:\Program Files\Happy Hour
2007-07-22 16:35 <DIR> d-------- C:\Program Files\Birdies
2007-07-21 23:11 <DIR> d-------- C:\Program Files\Legacy Interactive
2007-07-21 11:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Big Fish Games
2007-07-21 11:09 <DIR> d-------- C:\DOCUME~1\Owner\Saved Games
2007-07-17 00:49 <DIR> d-------- C:\Program Files\Alice Greenfingers
2007-07-16 00:17 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\My Games
2007-07-15 23:55 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\iWin
2007-07-15 23:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
2007-07-11 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-09 19:41 <DIR> d-------- C:\Program Files\WildGames
2007-07-09 19:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
2007-07-09 17:31 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Canon
2007-07-09 17:14 <DIR> d-------- C:\Program Files\Canon
2007-07-09 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-07-09 17:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-07-09 17:11 <DIR> d-------- C:\Program Files\ArcSoft
2007-07-09 17:10 57,344 --a------ C:\WINDOWS\system32\CNQU110.DLL
2007-07-09 17:10 352,256 --a------ C:\WINDOWS\system32\CNQL1213.DLL
2007-07-09 17:10 <DIR> d--h----- C:\CanoScan
2007-07-07 17:01 <DIR> d-------- C:\Program Files\BitZipper
2007-07-07 17:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\BitZipper
2007-07-07 16:42 <DIR> d-------- C:\Program Files\Escape From Paradise


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 23:31 --------- d-------- C:\Program Files\GameHouse
2007-08-05 11:02 --------- d-------- C:\Program Files\Siber Systems
2007-08-04 15:57 6934 --a------ C:\WINDOWS\mozver.dat
2007-08-04 13:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 13:52 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\.BitZip
2007-08-01 16:40 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Help
2007-07-31 03:10 --------- d-------- C:\Program Files\Yahoo! Games
2007-07-26 20:21 --------- d-------- C:\Program Files\PlayFirst
2007-07-17 20:59 --------- d-------- C:\Program Files\Doras Carnival 2 At the Boardwalk
2007-07-15 23:46 --------- d-------- C:\Program Files\hp deskjet 3820 series
2007-07-15 23:35 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-15 23:34 --------- d-------- C:\Program Files\Nick Jr. Arcade
2007-07-15 23:30 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\GameHouse
2007-07-09 17:12 --------- d-------- C:\Program Files\Common Files\scansoft shared
2007-07-09 17:12 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-05 00:13 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Gamelab
2007-07-02 17:59 437 --a------ C:\WINDOWS\PowerReg.dat
2007-06-30 19:09 --------- d-------- C:\Program Files\Snowy Lunch Rush
2007-06-30 19:09 --------- d-------- C:\Program Files\Burger Island(2)
2007-06-30 19:09 --------- d-------- C:\Program Files\Burger Island
2007-06-30 19:09 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-06-30 19:09 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SpywareBot
2007-06-30 19:09 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\NewzToolz
2007-06-30 15:46 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-06-29 14:22 --------- d-------- C:\Program Files\Games
2007-06-29 01:38 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Sandlot Games
2007-06-28 21:03 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
2007-06-28 18:53 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\SpinTop
2007-06-16 02:02 --------- d-------- C:\Program Files\Zylom Games
2007-06-16 02:02 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Zylom
2007-06-15 09:11 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Gaijin Ent
2007-06-15 00:53 --------- d-------- C:\Program Files\Burger Rush
2007-06-15 00:41 --------- d-------- C:\Program Files\ReflexiveArcade
2007-06-14 13:17 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-06-14 13:17 --------- d-------- C:\Program Files\Real
2007-06-14 13:17 --------- d-------- C:\Program Files\Common Files\Real
2007-06-12 19:46 --------- d-------- C:\Program Files\Google
2007-05-20 23:39 23348 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-09 17:15 38 --a------ C:\WINDOWS\system32\hnetcom2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{397D7D63-816E-4ECF-8761-775C932C5CF1}]
C:\WINDOWS\iDonate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"PaperPort PTD"="C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" []
"PaperPort 8.0 SE Registration Reminder"="C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" []
"NetMeter"="C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" []
"SetDefPrt"="C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe" []
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-02-11 09:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
To-do List.lnk - C:\Program Files\HTP\To-do List\todolist.exe [2005-04-18 01:59:12]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.2.lnk]
backup=C:\WINDOWS\pss\eFax 4.2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
backup=C:\WINDOWS\pss\SmartUI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetZero_uoltray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spc_w]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]

R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
S0 szkg;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys
S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys
S3 BrSerWDM;Brother Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys
S3 FTDIBUS;USB Serial Converter Driver;C:\WINDOWS\system32\drivers\ftdibus.sys
S3 FTSER2K;USB Serial Port Driver;C:\WINDOWS\system32\drivers\ftser2k.sys
S3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-06-11 16:31:51 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 13:02:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 13:04:03
C:\ComboFix-quarantined-files.txt ... 2007-08-07 13:03
C:\ComboFix2.txt ... 2007-08-06 13:38

--- E O F ---



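Added example (not part of the original thread and not ComboFix's own code): a Python cross-check of the CFScript from post #4 against the follow-up log in post #5, showing which targets the log lists as deleted and which it still references. Both inputs are copied from this thread (the log is abridged and its banners shortened); the function names and status labels are this example's own, and the parser assumes only the `File::` / `Registry::` directives and `((( Title )))` banners visible above.

```python
import re

# Copied from this thread: the CFScript in post #4.
CFSCRIPT = r"""Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pipmon"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashSurfers CashBar Navigator]

File::
C:\WINDOWS\system32\djrwdtya.dll
C:\umbk.exe
C:\WINDOWS\bbbconfig.dat
C:\WINDOWS\d3dx.dat
C:\WINDOWS\system32\Mf520def.dat
C:\WINDOWS\system32\browsemu.dll
C:\WINDOWS\iDonate.dll
C:\WINDOWS\system32\pipmon.exe
"""

# Copied from this thread, abridged (banners shortened): ComboFix log in post #5.
FOLLOWUP_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
C:\umbk.exe
C:\WINDOWS\bbbconfig.dat
C:\WINDOWS\d3dx.dat
C:\WINDOWS\system32\djrwdtya.dll
C:\WINDOWS\system32\Mf520def.dat
C:\WINDOWS\system32\pipmon.exe

((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{397D7D63-816E-4ECF-8761-775C932C5CF1}]
C:\WINDOWS\iDonate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" []
"""

HEADER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")


def parse_cfscript(text):
    # Returns (file targets, whole-key deletions, (key, value) deletions).
    files, del_keys, del_values = [], [], []
    section = key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry" and line.startswith("[-"):
            del_keys.append(line[2:-1])          # [-KEY] removes the whole key
        elif section == "registry" and line.startswith("["):
            key = line[1:-1]                     # [KEY] opens a key block
        elif section == "registry" and key and line.endswith("=-"):
            del_values.append((key, line[:-2].strip('"')))  # "name"=- removes a value
    return files, del_keys, del_values


def split_sections(log):
    # Maps each banner title (lowercased) to the non-empty lines under it.
    sections, current = {}, None
    for line in filter(None, map(str.strip, log.splitlines())):
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def verify(script, log):
    # Status per script target, judged only from what the follow-up log shows.
    files, del_keys, del_values = parse_cfscript(script)
    sections = split_sections(log)
    deleted = {p.lower() for p in sections.get("other deletions", [])}
    reg = [l.lower() for l in sections.get("reg loading points", [])]
    keys, values, key = set(), set(), None
    for line in reg:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            keys.add(key)
        elif key and line.startswith('"'):
            values.add((key, line.split('"')[1]))
    report = {}
    for path in files:
        if path.lower() in deleted:
            report[path] = "deleted"
        elif any(path.lower() in l for l in reg):
            report[path] = "still referenced"    # a loading point still names it
        else:
            report[path] = "not mentioned"
    for k in del_keys:
        report[k] = "key still listed" if k.lower() in keys else "key absent"
    for k, name in del_values:
        hit = (k.lower(), name.lower()) in values
        report[k + "\\" + name] = "value still listed" if hit else "value absent"
    return report
```

Calling `verify(CFSCRIPT, FOLLOWUP_LOG)` marks six files as deleted, `C:\WINDOWS\iDonate.dll` as still referenced by its Browser Helper Objects key, and `C:\WINDOWS\system32\browsemu.dll` as not mentioned. Since the log itself notes that empty and default entries are not shown, an absent entry calls for a follow-up scan and is not on its own confirmation of removal.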
Rawe
post Aug 7 2007, 12:17 PM
Post #6


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Please post a fresh HijackThis log. :)
jet27
post Aug 8 2007, 10:14 AM
Post #7


New Member
Posts: 6
OS: Windows XP



Logfile of HijackThis v1.99.1
Scan saved at 11:13:33 AM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HTP\To-do List\todolist.exe
C:\Program Files\HTP\To-do List\todolist.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mystery P.I. - The Lottery Ticket\MysteryPI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [PaperPort 8.0 SE Registration Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: To-do List.lnk = C:\Program Files\HTP\To-do List\todolist.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200605...ex/qtplugin.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\stg_drm.ocx
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156482906293
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156514192078
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {E39FEDC3-8B80-428F-A2DE-6A09D67704EF} - http://www.clixies.com/plugin/Clixies.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)

Rawe
post Aug 8 2007, 10:58 AM
Post #8


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Run a scan with HijackThis and check the following objects for removal:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll (file missing)


Now close ALL other open windows but HijackThis and hit FIX CHECKED. Exit HijackThis.

====

Updating Java and Clearing Cache
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for ALL previously installed versions of Java (J2SE Runtime Environment ...).
    They should have this icon next to them:
    Select them and click Remove, one at a time.
    1. Now please install the Java Runtime Environment (JRE) 6u2 manually.
    2. Note: reboot the computer after updating.

====

Finally,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

How's the system running? Still having any issues?
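The log and the fix list above mark several entries "(no file)" or "(file missing)", meaning the registry entry is still present but its target file is gone. As an added example (not part of the original posts, and not the helper's own selection method), this Python parser reads HijackThis-style lines and lists the orphaned or blank-valued entries; the sample lines are copied from this thread, and the function names are illustrative assumptions.

```python
import re

# Sample input: lines copied from the log and fix list in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINDOWS\iDonate.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {E39FEDC3-8B80-428F-A2DE-6A09D67704EF} - http://www.clixies.com/plugin/Clixies.cab
O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
"""

# Entry lines start with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[FNOR]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def parse_line(line):
    """Split one log line into section code, body, CLSID and status flags."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path or blank line
    body = m.group("body")
    clsid = CLSID.search(body)
    orphan = ORPHAN.search(body)
    return {
        "code": m.group("code"),
        "body": body,
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphan": orphan.group(1) if orphan else None,
        "empty_value": body.rstrip().endswith("="),  # e.g. a blank Start Page
    }

def triage(log_text):
    """Return entries whose target file is missing or whose value is blank."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (entry["orphan"] or entry["empty_value"]):
            findings.append(entry)
    return findings

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        reason = e["orphan"] or "empty value"
        print(f'{e["code"]:>3}  {reason:<12}  {e["clsid"] or "-"}')
```

A flagged entry is only a candidate for review: a missing target can be leftover from an uninstalled legitimate program as easily as from removed malware.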
jet27
post Aug 9 2007, 02:04 PM
Post #9


New Member
*
Posts: 6
OS: Windows XP



I'm about to install Java, but I can't find instructions to manually install. Can I just click the installation button? Also, just to confirm, it's JRE 6???

kelly
Rawe
post Aug 10 2007, 01:37 AM
Post #10


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Yes, just surf here: http://java.sun.com/javase/downloads/index.jsp

Download this: Java Runtime Environment (JRE) 6 Update 2

Then simply double-click the installer once it has downloaded and let it install.
jet27
post Aug 11 2007, 07:29 PM
Post #11


New Member
*
Posts: 6
OS: Windows XP



The shield is gone and I have not gotten a warning. Thank you sooooo much for the help.

Kelly
Rawe
post Aug 12 2007, 02:32 AM
Post #12


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Happy to hear!

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have. (Note: only use one at a time)
  • Firewall <= A firewall is definitely a must have. Two good free versions are Kerio Personal Firewall and ZoneLabs. (Note: only use one at a time)
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place?
Rawe
post Aug 15 2007, 02:15 AM
Post #13


Visiting Staff
Posts: 4,746
From: Finland
OS: XP Home - SP2



Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising