[DarkKnight82]

Okay here is the issue. I went to my ex's MySpace page to send her a message regarding a future court date. After I had sent the message, I decided to close out my browser(Mozilla Firefox). When I closed out, my Windows Live OneCare shut down(it gave an error message telling me it was stopped or canceled and I needed to restart), my Taskbar and Start Menu disappeared and my audio got disabled. I rebooted. Nothing. Nada. Zip.

My OneCare is giving me messages like this: "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem." I tried and failed. My audio is still not working( AND YES, all my wires are hooked up properly and everything.) My Taskbar and Start Menu button is still gone and I am at my wits end with this. Everything was working PERFECTLY when my gf turned the PC on this morning, and before I went to my ex's MySpace page. [bleep], last night everything was perfectly fine.

I ran Hijackthis and this is the log file if it helps:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:57 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...e...C01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-854245398-1202660629-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-854245398-1202660629-1060284298-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - S-1-5-21-854245398-1202660629-1060284298-1004 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User '?')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 4687 bytes


So....what am I doing wrong? What CAN I do to fix this? PLEASE HELP ME!!!!

Edited by DarkKnight82, 21 March 2008 - 05:16 PM.

[Advertisements]

OK lets take a deeper look

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Essexboy]

OK lets take a deeper look

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[DarkKnight82]

Ok here is the main.txt

Deckard's System Scanner v20071014.68
Run by Seph2501 on 2008-03-21 17:24:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Seph2501.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:34 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Seph2501\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Seph2501.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...e...C01&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-854245398-1202660629-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-854245398-1202660629-1060284298-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - S-1-5-21-854245398-1202660629-1060284298-1004 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User '?')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 4727 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.com - comfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,2
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,13
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,12


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 allegro (ESS Allegro Audio Driver (WDM)) - c:\windows\system32\drivers\es198x.sys <Not Verified; ESS Technology, Inc.; ES1988/ES1998/ES199A Adapter Driver>
3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
3 i81x - c:\windows\system32\drivers\i81xnt5.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimTV2 - system32\drivers\watv03nt.sys (file missing)
3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys <Not Verified; Intel® Corporation; Intel® Graphics Accelerator Drivers for Windows NT®>
2 portD (ABS PortIO Service) - c:\windows\system32\drivers\portd2k.sys <Not Verified; CMS Peripherals, Inc.; ABSplus Backup>
3 Ptserlp (PCTEL Serial Device Driver for PCI) - c:\windows\system32\drivers\ptserlp.sys <Not Verified; PCTEL, INC.; HSP Modem Serial Device>
3 SMC1211 (SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver) - c:\windows\system32\drivers\smc1211.sys <Not Verified; SMC Networks Inc.; SMC EZ Card 10/100 PCI (SMC1211 Series)>
3 TPPFX (USB Storage Adapter FX (TPP)) - c:\windows\system32\drivers\tppfx.sys <Not Verified; Cypress Semiconductor; TPP Storage Adapter>
0 Vmodem (XP Vmodem) - c:\windows\system32\drivers\vmodem.sys <Not Verified; PCTEL, INC.; HSP Modem Modem Device>
0 Vpctcom (XP Vpctcom) - c:\windows\system32\drivers\vpctcom.sys <Not Verified; PCtel, Inc.; HSP Modem Virtual Control Device>
0 Vvoice (XP Vvoice) - c:\windows\system32\drivers\vvoice.sys <Not Verified; PCtel, Inc.; PCTEL HSP Modem Voice Device>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (file missing)
2 msfwsvc (OneCare Firewall) - c:\program files\microsoft windows onecare live\firewall\msfwsvc.exe
2 OneCareMP (OneCare AntiSpyware and AntiVirus) - c:\program files\microsoft windows onecare live\antivirus\msmpeng.exe
2 Pctspk (PCTEL Speaker Phone) - c:\windows\system32\pctspk.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-21 01:17:46 360 --a------ C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job
2008-03-05 23:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2008-02-21 and 2008-03-21 -----------------------------

2008-03-21 17:14:11 0 d-------- C:\Program Files\Trend Micro
2008-03-21 16:40:13 20480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-03-21 16:00:42 0 dr-h----- C:\Documents and Settings\Seph2501\Recent
2008-03-21 02:23:41 480 --a------ C:\WINDOWS\system32\svchost
2008-03-20 03:26:20 0 d-------- C:\Program Files\Meido
2008-02-29 13:46:27 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2008-03-21 15:31:46 4285762 --ah----- C:\Documents and Settings\Seph2501\Application Data\IconCache.db
2008-03-16 12:29:30 125952 --a------ C:\Documents and Settings\Seph2501\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-02-27 10:41:24 171128 --a------ C:\Documents and Settings\Seph2501\Application Data\GDIPFONTCACHEV1.DAT
2008-02-20 02:58:02 0 d-------- C:\Program Files\CCleaner


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [08/23/2001 12:00 PM C:\WINDOWS\SYSTEM32\systray.exe]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [05/09/2007 06:15 PM]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [01/22/2008 07:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/31/2008 11:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Seph2501^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\Seph2501\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]
C:\WINDOWS\tppaldr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"WeatherCast"="C:\Program Files\WeatherCast\Weather.exe" /q
"AIM"=C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
"msnmsgr"="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"PCHealth"=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"CPQEASYACC"=C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
"WildTangent CDA"=RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
"LoadQM"=loadqm.exe
"WhenUSave"="C:\Program Files\Save\Save.exe"
"BurnQuick Queue"=C:\Program Files\BurnQuick\BQTray.exe
"Digital Dashboard"=C:\Program Files\Compaq\Digital Dashboard\CPQMLDET.exe
"EACLEAN"=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
"CpqBootPerfDb"=C:\Cpqs\Scom\CpqBootPerfDb.exe
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"NAV DefAlert"=C:\PROGRA~1\NORTON~1\DEFALERT.EXE
"Hidserv"=Hidserv.exe run
"Norton Auto-Protect"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"WCOLOREAL"=C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"ScardSvr"=C:\WINDOWS\SYSTEM32\SCARDSVR.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11B762AF-09CC-8DB8-0706-030102020402}]
C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl



-- End of Deckard's System Scanner: finished at 2008-03-21 17:28:24 ------------

And here is the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 43%
Physical Memory (total/avail): 510.55 MiB / 289.46 MiB
Pagefile Memory (total/avail): 1246.55 MiB / 1103.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.64 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 15.9 GiB total, 2.67 GiB free.
D: is Fixed (FAT32) - 2.73 GiB total, 2.69 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Seph2501\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FRANKENSTEIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Seph2501
LOGONSERVER=\\FRANKENSTEIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\j2re1.4.1_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Seph2501\LOCALS~1\Temp
TMP=C:\DOCUME~1\Seph2501\LOCALS~1\Temp
USERDOMAIN=FRANKENSTEIN
USERNAME=Seph2501
USERPROFILE=C:\Documents and Settings\Seph2501
winbootdir=C:\WINDOWS
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Seph2501 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\mrun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compaq Automatic Updating for Windows --> C:\WINDOWS\SYSTEM32\WSCRIPT.EXE c:\system.sav\scom\migrate\auuninstall.js
Easy Access Button Support (Drivers) --> RunDll32 setupapi.dll,InstallHinfSection CPQUninstall 2 setupEAK.inf
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
Hero Editor V0.90 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Diablo II\ST6UNST.LOG"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IE5 Custom --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EE62600-E578-11D4-AA80-00508B10B759}\setup.exe"
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\SETUP.EXE" Anytext
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
Macromedia Flash Player --> MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
Mame32 --> MsiExec.exe /I{79C9D412-C4B3-4B55-9A20-F5A3B7B277C9}
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Microsoft Windows OneCare Live v2.0.2500.14 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
Quake III Arena Point Release 1.32 --> C:\WINDOWS\unvise32.exe C:\Program Files\Quake III Arena\uninstal5.log
QuickConnect --> C:\Program Files\InstallShield Installation Information\{4998FF95-709A-430A-B104-92A009ABB848}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Qwest QuickCare 2.0 --> "C:\Program Files\Qwest\QuickCare\unins000.exe"
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\SETUP.EXE" UNINSTALL
SoulSeek Client 156b --> "C:\Program Files\Soulseek\uninstall.exe"
USB Storage Adapter FX (TPP) --> tppun.exe TPPFX
USB Storage Driver --> DelUIDrv.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WMP7 Customizations --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Compaq\WMP7 Customizations\DeIsL1.isu" -c"C:\Program Files\Compaq\WMP7 Customizations\_ISREG32.DLL"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type5970 / Error
Event Submitted/Written: 03/21/2008 04:52:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application md.exe, version 1.0.0.1, faulting module md.exe, version 1.0.0.1, fault address 0x0000a101.
Processing media-specific event for [md.exe!ws!]

Event Record #/Type5969 / Error
Event Submitted/Written: 03/21/2008 04:33:37 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type5968 / Warning
Event Submitted/Written: 03/21/2008 03:56:45 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

Event Record #/Type5966 / Warning
Event Submitted/Written: 03/21/2008 03:56:13 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA

Event Record #/Type5965 / Warning
Event Submitted/Written: 03/21/2008 03:55:40 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800706BA



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29277 / Error
Event Submitted/Written: 03/21/2008 04:53:21 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference error message: The operation completed successfully.
.

Event Record #/Type29276 / Error
Event Submitted/Written: 03/21/2008 04:53:21 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type29275 / Error
Event Submitted/Written: 03/21/2008 04:53:21 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type29274 / Error
Event Submitted/Written: 03/21/2008 04:39:47 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference error message: The operation completed successfully.
.

Event Record #/Type29273 / Error
Event Submitted/Written: 03/21/2008 04:39:47 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-03-21 17:28:24 ------------

[Essexboy]

One or more of the identified infections is a backdoor Trojan and a key logger.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

Lets see if I can fix it

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\system32\H@tKeysH@@k.DLL

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  Purity

• Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Make sure that DSS.exe is located on your Desktop.
Click on your START button, then choose Run. A little box will appear.
Now copy and paste all the following in bold (including the "" marks) into the run box and click OK.

"%userprofile%\desktop\dss.exe" /daft

This will start DSS in a different way. A small window will appear.
Click on the Scan button.
If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question.
Click the Fix button.
Re-scan and save a logfile. By default, it will save as daft.txt.

FINALLY FOR NOW

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[DarkKnight82]

OTMover Results

DllUnregisterServer procedure not found in C:\WINDOWS\system32\H@tKeysH@@k.DLL
C:\WINDOWS\system32\H@tKeysH@@k.DLL NOT unregistered.
C:\WINDOWS\system32\H@tKeysH@@k.DLL moved successfully.
[Custom Input]
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03212008_174903


daft.txt Results from the DSS Test

DAFT Log saved on 2008-03-21 17:52:35
-----------------------------------------------------------------------
All associations okay!

I will post the ComboFix and HijackThis Log in the next reply. Please stand by...

[DarkKnight82]

ComboFix Result Log

ComboFix 08-03-21.1 - Seph2501 2008-03-21 17:58:03.1 - FAT32x86
Running from: C:\Documents and Settings\Seph2501\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Seph2501\Application Data\FunWebProducts
C:\Documents and Settings\Seph2501\Application Data\FunWebProducts\Data\Seph2501\avatar.dat
C:\Documents and Settings\Seph2501\Application Data\FunWebProducts\Data\Seph2501\register.dat
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\hosts
C:\WINDOWS\start.exe
C:\WINDOWS\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.

2008-03-21 17:56 . 2008-03-21 17:56 3,631 --a------ C:\44.tmp
2008-03-21 17:49 . 2008-03-21 17:49 <DIR> d-------- C:\_OTMoveIt
2008-03-21 17:24 . 2008-03-21 17:24 <DIR> d-------- C:\Deckard
2008-03-21 17:14 . 2008-03-21 17:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-21 14:45 . 2008-02-20 12:19 217 --a------ C:\boot.ini.save
2008-03-21 02:23 . 2008-03-21 03:40 480 --a------ C:\WINDOWS\SYSTEM32\svchost
2008-03-20 03:26 . 2008-03-20 03:26 <DIR> d-------- C:\Program Files\Meido
2008-03-03 00:35 . 2008-03-21 03:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 00:35 . 2008-03-03 00:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-29 13:46 . 2008-02-29 13:46 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:41 171,128 ----a-w C:\Documents and Settings\Seph2501\Application Data\GDIPFONTCACHEV1.DAT
2008-02-20 08:58 --------- d-----w C:\Program Files\CCleaner
2008-01-11 04:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2005-01-10 06:54 284 ----a-w C:\Documents and Settings\Seph2501\Application Data\ViewerApp.dat
2000-06-20 22:37 271 --sh--w C:\Program Files\desktop.ini
2000-06-20 22:37 23,357 ---h--w C:\Program Files\folder.htt
.

------- Sigcheck -------

Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49 4662776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2007-05-09 18:15 198800]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-01-22 19:43 67112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Seph2501^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\Seph2501\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:03 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]
--a------ 2003-07-16 05:11 118784 C:\WINDOWS\tppaldr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"WeatherCast"="C:\Program Files\WeatherCast\Weather.exe" /q
"AIM"=C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
"msnmsgr"="C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ScanRegistry"=C:\WINDOWS\scanregw.exe /autorun
"TaskMonitor"=C:\WINDOWS\taskmon.exe
"PCHealth"=C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"CPQEASYACC"=C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
"WildTangent CDA"=RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
"LoadQM"=loadqm.exe
"WhenUSave"="C:\Program Files\Save\Save.exe"
"BurnQuick Queue"=C:\Program Files\BurnQuick\BQTray.exe
"Digital Dashboard"=C:\Program Files\Compaq\Digital Dashboard\CPQMLDET.exe
"EACLEAN"=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
"CpqBootPerfDb"=C:\Cpqs\Scom\CpqBootPerfDb.exe
"ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
"NAV DefAlert"=C:\PROGRA~1\NORTON~1\DEFALERT.EXE
"Hidserv"=Hidserv.exe run
"Norton Auto-Protect"=C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
"New.net Startup"=rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"WCOLOREAL"=C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"ScardSvr"=C:\WINDOWS\SYSTEM32\SCARDSVR.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11B762AF-09CC-8DB8-0706-030102020402}]
C:\WINDOWS\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 05:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-03-21 07:17:46 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 18:03:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-21 18:04:00
ComboFix-quarantined-files.txt 2008-03-22 00:03:58
.
2008-03-12 22:19:17 --- E O F ---


HijackThis Result Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:18 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-854245398-1202660629-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-854245398-1202660629-1060284298-1004\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - S-1-5-21-854245398-1202660629-1060284298-1004 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User '?')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2p...bs/QOLCheck.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.co...aploader_v5.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 4521 bytes


Um....My desktop and icons and everything are gone! I had to go into the Task Manager to get back to Firefox to come here. Is that normal!?

[DarkKnight82]

This is really frustrating me. I rebooted my system and I got my Desktop Icons back, but I have no Taskbar/Start Menu button, I still have no audio, and I can't drag my icons around. What's going on with my PC?

[Essexboy]

To get your taskbar and start button back

Download fixshell.zip and extract the file to your desktop
Double click fixshell.com it may take a while and need a reboot
Let me know if your desktop returns


1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\44.tmp

Folder::
C:\WINDOWS\SYSTEM32\svchost
C:\PROGRA~1\NEWDOT~1
C:\Program Files\Save

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

THEN

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

[DarkKnight82]

My Taskbar and Start Menu button did NOT return. But, *sigh* I am about to follow your instructions. I will post up the log results in a few minutes. Oh, btw, for some reason I can't Copy and Paste. You know that code box you asked me to copy and paste in Notepad and drag to Combofix? Well, it wouldn't let me and I had to type everything in manually. Oh, and I can't drag any of my icons on my desktop. So, dragging that CFScript file over to Combofix....isn't going to happen. So, what do I do?

Edited by DarkKnight82, 22 March 2008 - 11:56 AM.

[Essexboy]

Run Dr web please and I will look for a fix to this unusual problem

[DarkKnight82]

Alright. Well, it's scanning my C and D drives. Once it's complete, I'll post the Dr. Web log.

[Essexboy]

Silly question do you have a 3 button mouse and if so is the middle button free ?

[DarkKnight82]

No, it's a 2-button mouse with a wheel in between.

[DarkKnight82]

This scan looks like it's gonna take awhile. So, I am going to head off to my Halo 3 tournament. It'll be done by the time I return, hopefully. I'll post up the results in my next reply.

[DarkKnight82]

DrWeb Scan Results Log

riched20.dll;C:\Program Files\MSN Messenger;Adware.Msearch;;
msimg32.dll;C:\Program Files\MSN Messenger;Adware.Funweb;;
sprtsync.dll;C:\Program Files\Qwest\QuickCare\bin;Probably DLOADER.Trojan;;
modem_common.js;C:\Program Files\Qwest\QuickCare\agentcommon\inc;Probably SCRIPT.Virus;;
sma_common.js;C:\Program Files\Qwest\QuickCare\agentui\snapins\preferences;Probably SCRIPT.Virus;;
Perfect Keylogger.exe;C:\Deckard\System Scanner\20080321175157\backup\DOCUME~1\Seph2501\LOCALS~1\Temp\RarSFX0;Trojan.Peflog.41;Deleted.;
Perfect Keylogger.exe;C:\Deckard\System Scanner\20080321175157\backup\DOCUME~1\Seph2501\LOCALS~1\Temp\RarSFX1;Trojan.Peflog.41;Deleted.;
popcaploader.dll;C:\Deckard\System Scanner\20080321175157\backup\WINDOWS\Downloaded Program Files;Program.PopcapLoader;;
H@tKeysH@@k.DLL;C:\_OTMoveIt\MovedFiles\03212008_174903\WINDOWS\system32;Tool.Hatkeys;;
msimg32.dll.vir;C:\QooBox\Quarantine\C\Program Files\Internet Explorer;Adware.Funweb;;
C.bat;C:\ComboFix;Probably BATCH.Virus;;
FIND3M.bat;C:\ComboFix;Probably SCRIPT.Virus;;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
A0073015.exe;C:\System Volume Information\_restore{6091F950-66F7-4751-A8BE-D7F620739BFA}\RP621;Tool.GameCrack;;
A0073031.dll;C:\System Volume Information\_restore{6091F950-66F7-4751-A8BE-D7F620739BFA}\RP621;Adware.Funweb;;
A0073036.bat;C:\System Volume Information\_restore{6091F950-66F7-4751-A8BE-D7F620739BFA}\RP621;Probably BATCH.Virus;;
A0073038.bat;C:\System Volume Information\_restore{6091F950-66F7-4751-A8BE-D7F620739BFA}\RP621;Probably SCRIPT.Virus;;
A0074110.exe;C:\System Volume Information\_restore{6091F950-66F7-4751-A8BE-D7F620739BFA}\RP621;Trojan.Peflog.41;Deleted.;
A0074111.exe;C:\System Volume Information\_restore{6091F950-66F7-4751-A8BE-D7F620739BFA}\RP621;Trojan.Peflog.41;Deleted.;


Oh, and btw, the fixshell program didn't work.