Thank you, Dave. I followed those steps you gave me and here is the text file:
SDFix: Version 1.188 Run by Dawn on Fri 06/06/2008 at 04:15 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
AAVF
Path :
C:\WINDOWS\system32\svcd\svchost.exe
AAVF - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\svcd\svchost.exe - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\TmpX.exe - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
Folder C:\WINDOWS\system32\svcd - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 16:26:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482f4b4-e343-43b6-b170-9a65bc822c77]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 11 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 13 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 20 Oct 2006 121,344 ...H. --- "C:\Documents and Settings\Dawn\Application Data\MSN6\msnupdate!@#@.exe"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\BIT67.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22c3bb229d81eea2958e2b928ed5b9f9\BIT63.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40a830826de015286a7a5523023b1e09\BIT6D.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\582374c56f566bb2a83a59d0c2cd7d87\BIT6B.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b1eb7074a817bb98d49a4ae9242f4d3\BIT6A.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6b5f9b6e24a379bdb34ad3589556de3e\BIT72.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\89b70ceab9c1882c80e33e4e8d6798ba\BIT66.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\BIT68.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b79f0480d592be3a8c6db381ffc0c693\BIT6C.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\BIT65.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cd41db5c2bdd95605f53e6da96f2b182\BIT69.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d820fbd6e1527bc9c51d0c3b240b96fd\BIT6E.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8816d09f86abbe0c321ddc90d5c0948\BIT6F.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\deb995e7b7d2953ec6904bd5047bd45f\BIT70.tmp"
Fri 6 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ee52836d5c671146809a1dc54498be1f\BIT71.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\download\BIT5F.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\299966e551b4462ae94e39e251e277b6\download\BIT5C.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\download\BIT64.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\download\BIT60.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a6fd42e27be0137ebef38efe87879ed1\download\BIT5D.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\download\BIT61.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\download\BIT62.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\download\BIT5E.tmp"
Finished!

And my new Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:33 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.94.74.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...DSL/tgctlcm.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6885 bytes