05-04-2007, 12:43 PM   #3
exviper99
Registered User
 
Join Date: Mar 2007
Posts: 17
OS: xp


Re: Computer running very slow. Possible worm?

First off, thank you so much for your reply. I really appreciate your time!
Already my mouse stopped constantly showing the hourglass loading.

Here is the ComboFix log, and below that the HijackThis log!

ComboFix 07-05.04.3.V - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cicpvscm.dll
C:\WINDOWS\system32\dqvnnxio.dll
C:\WINDOWS\system32\ebctffjb.dll
C:\WINDOWS\system32\frikucev.dll
C:\WINDOWS\system32\hmfcgjdk.dll
C:\WINDOWS\system32\iekxiiai.dll
C:\WINDOWS\system32\lqdpfddm.dll
C:\WINDOWS\system32\osafpjfe.dll
C:\WINDOWS\system32\piweapeb.dll
C:\WINDOWS\system32\qdimnyln.dll
C:\WINDOWS\system32\ttbahyvf.dll
C:\WINDOWS\system32\tuvnaeie.dll
C:\WINDOWS\system32\wrxqmpbe.dll
C:\WINDOWS\system32\vecukirf.ini
C:\WINDOWS\system32\fvyhabtt.ini
C:\WINDOWS\system32\stutv.bak1
C:\WINDOWS\system32\stutv.bak2
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\stutv.tmp
C:\WINDOWS\system32\dkkbdkk.dll
C:\WINDOWS\system32\vtuts.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\5_exception.nls
C:\WINDOWS\system32\RunOnce2.tm_
C:\WINDOWS\system32\RunOnce2.t__
C:\WINDOWS\system32\winupd_KB44105752.exe
C:\WINDOWS\system32\winupd_KB57455861.exe
C:\WINDOWS\system32\winupd_KB80286011.exe
C:\WINDOWS\system32\winupd_KB90188820.exe
C:\WINDOWS\system32\winupd_KB91028387.exe
C:\WINDOWS\system32\winupd_KB92380205.exe
C:\WINDOWS\system32\xziex.dll
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\install.log
C:\WINDOWS\system32\ksys.sys
C:\WINDOWS\winhp32.exe
C:\WINDOWS\system32\irzzhnt.dll
C:\WINDOWS\system32\l.dll
C:\WINDOWS\system32\qlf.dll
C:\WINDOWS\system32\xujig.dll
C:\Documents and Settings\All Users.\documents\settings
C:\WINDOWS\system32\rpcc1.dll
C:\WINDOWS\system32\drivers\gqbrirkr.sys
C:\WINDOWS\system32\dkkbdkk.dll
C:\WINDOWS\system32\dkkbdkk.dll.bak
C:\cp1041.nls

Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected
Restored copy from - "C:\WINDOWS\system32\dllcache\ndis.sys"


Infected copy of C:\WINDOWS\system32\winlogon.exe was found & disinfected
Restored copy from - "C:\WINDOWS\system32\dllcache\winlogon.exe"



((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_EXAMPLE
-------\LEGACY_IMRJYXZE
-------\LEGACY_NDNET1
-------\LEGACY_NTLDR.SYS
-------\LEGACY_RUNTIME
-------\LEGACY_XEVYDFQC
-------\EXAMPLE
-------\imrjyxze
-------\NDnet1
-------\Runtime
-------\xevydfqc


((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))


2007-05-03 21:31 498,960 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-05-03 21:31 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2007-05-03 02:04 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-03 01:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-02 17:51 <DIR> d-------- C:\Program Files\Symantec
2007-05-02 17:27 <DIR> d-------- C:\Program Files\CCleaner
2007-05-02 17:09 <DIR> d-------- C:\Program Files\RegistryFix
2007-05-02 16:58 89,360 --a------ C:\WINDOWS\system32\VB5DB.dll
2007-05-02 16:57 49,152 --ah----- C:\WINDOWS\system32\confdrv.dll
2007-05-02 16:57 24,576 --a------ C:\WINDOWS\system32\rsrc32.dll
2007-05-02 16:57 184,328 --ah----- C:\WINDOWS\system32\drvstat.dll
2007-05-02 16:57 <DIR> d-------- C:\Program Files\Easy Desk Utilities
2007-05-02 16:56 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-05-02 16:56 40,960 --a------ C:\WINDOWS\system32\VB5StKit.dll
2007-05-02 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-05-02 16:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-01 13:43 10,000 --a------ C:\WINDOWS\system32\ldfksdioduihj.dll
2007-05-01 06:18 53,248 --ah----- C:\WINDOWS\system32\drvprf32.dll
2007-05-01 06:17 9,728 --a------ C:\WINDOWS\system32\crypt32net.dll
2007-05-01 06:17 57,344 --a------ C:\WINDOWS\system32\system32.exe
2007-05-01 06:17 5,120 --a------ C:\WINDOWS\system32\scardrv.exe
2007-05-01 06:17 12,901 --a------ C:\DOCUME~1\Mikey\ie_updater.exe
2007-05-01 06:17 10,240 --a------ C:\WINDOWS\system32\kernel.dll
2007-05-01 05:19 73,728 --a------ C:\WINDOWS\system32\svehost.exe
2007-04-05 02:44 <DIR> d-------- C:\DOCUME~1\Mikey\APPLIC~1\Gaijin Ent
2007-04-04 23:10 <DIR> d-------- C:\Program Files\Trymedia
2007-04-04 23:10 <DIR> d-------- C:\Program Files\Anarchy
2007-04-04 23:09 <DIR> d-------- C:\Downloads
2007-04-04 22:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-04-04 22:54 <DIR> d-------- C:\Program Files\Age of Castles
2007-04-04 22:41 46,176 --a------ C:\WINDOWS\system32\ipv6mons.dll
2007-04-04 22:33 <DIR> d-------- C:\Program Files\ReflexiveArcade


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-03 20:25:57 124,416 ----a-w C:\WINDOWS\system32\paiqvpji.dll
2007-05-03 17:33:39 75,264 ----a-w C:\WINDOWS\system32\ws2_32.dll
2007-04-30 19:25:35 99,840 ----a-w C:\WINDOWS\system32\mujyifrj.dll
2007-04-30 19:25:33 43,520 ----a-w C:\WINDOWS\system32\xgprqjcm.dll
2007-04-15 16:11:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-15 15:24:52 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\BitTorrent
2007-04-06 15:39:40 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\Neo-Modus.com
2007-04-05 05:44:34 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\Gaijin Ent
2007-03-30 05:24:05 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-03-28 16:19:15 -------- d-----w C:\Program Files\Virus Chaser
2007-03-28 07:02:12 -------- d-----w C:\Program Files\RegCleaner
2007-03-22 19:50:15 3,532 ----a-w C:\drmHeader.bin
2007-03-20 03:11:34 -------- d-----w C:\Program Files\Maxis
2007-03-19 17:19:48 146,944 ----a-w C:\WINDOWS\system32\pwiykpuo.exe
2007-03-19 11:50:53 -------- d-----w C:\DOCUME~1\Mikey\APPLIC~1.\PlayFirst
2007-03-19 08:07:33 17,144 ----a-w C:\DOCUME~1\Mikey\APPLIC~1.\GDIPFONTCACHEV1.DAT
2007-03-15 02:04:21 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-15 00:15:42 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-15 00:10:30 -------- d-----w C:\Program Files\DAEMON Tools
2007-03-15 00:07:06 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-10 23:53:00 -------- d-----w C:\Program Files\Yahoo!
2007-03-08 17:39:53 -------- d-----w C:\Program Files\Rapid-Pi
2007-03-05 22:03:33 -------- d-----w C:\Program Files\BFG
2007-03-04 21:28:17 -------- d-----w C:\Program Files\Electronic Arts
2007-02-16 02:39:08 306 ----a-w C:\LSL7DOS.BAT
2007-02-06 02:47:17 298 ----a-w C:\WINDOWS\EReg072.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"RegistryMechanic"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32net
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\drvmgr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrssp

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdtpr.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NetAssistant.lnk"
"backup"="C:\\WINDOWS\\pss\\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETASS~1\\bin\\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mikey^Start Menu^Programs^Startup^MSWin--1696782548.exe]
"path"="C:\\Documents and Settings\\Mikey\\Start Menu\\Programs\\Startup\\MSWin--1696782548.exe"
"backup"="C:\\WINDOWS\\pss\\MSWin--1696782548.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Mikey\\Start Menu\\Programs\\Startup\\MSWin--1696782548.exe"
"item"="MSWin--1696782548"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-2057253927.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="-2057253927"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\-2057253927.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvdiag]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvconf"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\drvconf.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="frikucev"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\System32\\frikucev.dll\",realset"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel system tool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svehost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\svehost.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrwqbaaa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jrwqbaaa"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\jrwqbaaa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Restore Operation]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchots"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\Mikey\\LOCALS~1\\Temp\\svchots.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunOnce2Upd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSWin--1696782548"
"hkey"="HKLM"
"command"="\"C:\\Documents and Settings\\Mikey\\Start Menu\\Programs\\Startup\\MSWin--1696782548.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysvx.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sysvx"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\sysvx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VaCtrls]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v7"
"hkey"="HKLM"
"command"="v7"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
imrjyxze


********************************************************************

detected NTDLL code modification:
ZwQueryDirectoryFile

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-04 14:34:12
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\kdtpr.exe 69632 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


********************************************************************

Completion time: 2007-05-04 14:37:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-04 14:37


And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:42:24 PM, on 5/4/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mikey\Desktop\Exec\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {8D5849A2-93F3-429D-FF34-260A2068897C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quartz.atkinson.yorku.ca/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06d8536b...p/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c1/v15.582/qboax8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O20 - Winlogon Notify: crypt32net - C:\WINDOWS\SYSTEM32\crypt32net.dll
O20 - Winlogon Notify: drvmgr - drvmgr32.dll (file missing)
O20 - Winlogon Notify: ssqrssp - ssqrssp.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thank you again, Sub!! You are godly!!