02-21-2007, 11:26 AM   #1
Registered User
 
Join Date: Feb 2007
Posts: 3
OS: xp


ayb.dns-look-up.com Popups problem, Lop worm or trojan?

Hi! I'm having an issue that my anti-virus programs can't seem to resolve. I have run Norton Antivirus and Webroot Spysweeper. Both found things and removed them, but I still have the problem. Someone told me to fix my XP Registry, and to use XP Repair Pro to do so. I did, and it fixed a lot of issues, but I STILL have the problem. The only issue is that when I open Firefox, it takes about 10 seconds to start up, and when it does, the home page loads slowly, and then I hear 2 click sounds like 2 popups have been blocked, and then there is 1 sound that sounds like a mouse click. That's it. But the internet is insanely slower than it should be. I have cable internet by the way, and my computer is 2.4 GHz, half a gig of RAM.

Every now and then Norton says it is blocking a "worm" and it names "ayb.dns-look-up.com" as trying to be contacted by my computer, or maybe the other way around, I don't know. I did some research and found out that that name is associated with "LOP", and is very difficult to remove. PLEASE HELP ME!

I followed the 5-step instructions you have on the website and did everything they told me to. Unfortunately, after I did it all, I saw there is an announcement to NOT USE COMBOSCAN. I already did and it ran HijackThis. I'm just going to list all the info and do what you guys tell me to. Please help!


Online Panda Scan Issues Discovered:


Incident Status Location

Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\eu0ma0us.default\cookies.txt[.peel.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.com.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[server.iad.liveperson.net/hc/80503492]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Adwareremover Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.adwareremovergold.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.xiti.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.overture.com/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Samantha\Cookies\samantha@com[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Samantha\Cookies\samantha@questionmarket[2].txt
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\bis60C.exe
Virus:Trj/Agent.DIL Disinfected C:\Program Files\BitLord\Downloads\Programs\Emulator Pack - All Consoles Ever Made [XBOX-PS2-PSX-N64-GBA-GG-NDS-SS-SEGA-MAME-etc.]\Xbox.zip[Xbox/xbox_emulator.0.34.exe]
Adware:Adware/nCase Not disinfected C:\Program Files\BitLord\Downloads\Programs\Norton AntiVirus 2006 With Full Activation Instructions ($40 per year)\crack.exe
Adware:Adware/Zango Not disinfected C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
Spyware:Cookie/Atlas DMT Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Bluestreak Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.zedo.com/]
Spyware:Cookie/AdDynamix Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Go Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.go.com/]
Spyware:Cookie/Adserver Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Valueclick Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.valueclick.com/]
Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[a.as-us.falkag.net/]
Spyware:Cookie/QuestionMarket Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Rightmedia Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[rightmedia.net/]
Spyware:Cookie/bravenetA Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.bravenet.com/]
Spyware:Cookie/Atwola Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.atwola.com/]
Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.realmedia.com/]
Spyware:Cookie/Maxserving Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.maxserving.com/]
Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected F:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\default.wl2\cookies.txt[.targetnet.com/]
Spyware:Spyware/New.net Not disinfected F:\WINDOWS\NDNuninstall5_64.exe



After that, I ran ComboScan, which ran HijackThis. Here is the .txt



ComboScan v20070212.14 run by Samantha on 2007-02-21 at 13:55:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Samantha.com) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:56:34 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1144338553\ee\AOLSoftware.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\Samantha\Application Data\U3\0C607760F2636997\LaunchPad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Samantha\Desktop\comboscan.exe
C:\DOCUME~1\Samantha\LOCALS~1\Temp\~kjnhzlw.tmp\Samantha.com

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1144338553\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [BashViewAdminMath] "C:\Documents and Settings\All Users\Application Data\Mix Safe Bash View\PEAK VC.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [Trans media] C:\DOCUME~1\Samantha\APPLIC~1\ABOUTS~1\batjump.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Anapod Manager.lnk = C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - System32\DRIVERS\AegisP.sys
3 ASAPIW2k - system32\drivers\ASAPIW2k.sys
3 ati2mtag - System32\DRIVERS\ati2mtag.sys
2 ATIBTCAP (ATI TV Wonder Video Capture) - system32\drivers\atibtcap.sys
2 ATIBTXBAR (ATI TV Wonder Video Crossbar) - system32\drivers\atibtxbr.sys
2 ATIVTUTW (ATI TV Wonder TV Tuner) - system32\drivers\ativtutw.sys
2 ATIVXSTW (ATI TV Wonder Audio Crossbar) - system32\drivers\ativxstw.sys
3 BCMModem (BCM V.92 56K Modem) - System32\DRIVERS\BCMSM.sys
2 BT848 (ATI TV Wonder BtCap, WDM Video Capture) - system32\drivers\BT848.sys
3 CCDECODE (Closed Caption Decoder) - System32\DRIVERS\CCDECODE.sys
3 dvd43llh - System32\DRIVERS\dvd43llh.sys
1 eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3 EraserUtilRebootDrv - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\GTNDIS5.SYS
3 hidusb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - System32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - System32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - System32\DRIVERS\HPZius12.sys
1 InCDPass - System32\DRIVERS\InCDPass.sys
1 intelppm (Intel Processor Driver) - System32\DRIVERS\intelppm.sys
3 LVcKap (Logitech AEC Driver) - system32\DRIVERS\LVcKap.sys
3 LVMVDrv (Logitech Machine Vision Engine Loader) - system32\DRIVERS\LVMVDrv.sys
3 LVPr2Mon (Logitech LVPr2Mon Driver) - system32\drivers\LVPr2Mon.sys
3 LVUSBSta (Logitech USB Monitor Filter) - system32\drivers\lvusbsta.sys
3 MarvinBus (Pinnacle Marvin Bus) - system32\DRIVERS\MarvinBus.sys
3 MODEMCSA (Unimodem Streaming Filter Device) - system32\drivers\MODEMCSA.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - System32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070220.019\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070220.019\NavEx15.Sys
3 NdisIP (Microsoft TV/Video Connection) - System32\DRIVERS\NdisIP.sys
2 NwlnkIpx (NWLink IPX/SPX/NetBIOS Compatible Transport Protocol) - system32\DRIVERS\nwlnkipx.sys
2 NwlnkNb (NWLink NetBIOS) - system32\DRIVERS\nwlnknb.sys
2 NwlnkSpx (NWLink SPX/SPXII Protocol) - system32\DRIVERS\nwlnkspx.sys
3 NWRDR (NetWare Rdr) - system32\DRIVERS\nwrdr.sys
3 P16X (Creative SB Live! Series (WDM)) - system32\drivers\P16X.sys
2 PCDCODEC (Specialized PCD WDM VBI Codec) - system32\DRIVERS\atinpdxx.sys
3 Pcouffin (VSO Software pcouffin) - System32\Drivers\Pcouffin.sys
3 pepifilter (Volume Adapter) - system32\DRIVERS\lv302af.sys
2 PfModNT - \??\C:\WINDOWS\System32\PfModNT.sys
3 PID_08A0 (Logitech QuickCam IM(PID_08A0)) - System32\DRIVERS\LV302AV.SYS
1 SAVRT - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS
1 SAVRTPEL - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS
2 Sentinel - \SystemRoot\System32\Drivers\SENTINEL.SYS
3 SLIP (BDA Slip De-Framer) - System32\DRIVERS\SLIP.sys
1 SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0 SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - SYSTEM32\Drivers\SSFS0509.SYS
0 SSHRMD (Spy Sweeper Hookrack MiniDriver) - SYSTEM32\Drivers\SSHRMD.SYS
0 SSIDRV (Spy Sweeper Interdiction Driver) - SYSTEM32\Drivers\SSIDRV.SYS
3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - System32\Drivers\sskbfd.sys
3 streamip (BDA IPSink) - System32\DRIVERS\StreamIP.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070214.003\symidsco.sys
2 symlcbrd - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
2 TTDec (ATI WDM Teletext Decoder) - system32\DRIVERS\ATINTTXX.sys
3 usbaudio (USB Audio Driver (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbprint (Microsoft USB PRINTER Class) - System32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
3 WSTCODEC (World Standard Teletext Codec) - System32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
3 WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - System32\DRIVERS\rt2500usb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
4 ATMsrvc (ATM Service) - %SystemRoot%\System32\ATMsrvc.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 AvidSDMService (Avid SDM Service) - system32\AvidSDMService.exe
2 AvidStartup (Avid Startup) - system32\AvidStartup.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
2 ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe
3 gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
2 InCDsrvR (InCD Helper (read only)) - C:\Program Files\Ahead\InCD\InCDsrv.exe -r
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 LVPrcSrv (Logitech Process Monitor) - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
2 LVSrvLauncher - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
3 MSSQL$SONY_MEDIAMGR - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
3 MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
2 navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
2 NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3 NSCService (Norton Protection Center Service) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
2 NWCWorkstation (Client Service for NetWare) - %SystemRoot%\system32\svchost.exe -k netsvcs
2 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
3 SAVScan (Symantec AVScan) - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
2 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 SPBBCSvc - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
3 SQLAgent$SONY_MEDIAMGR - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
2 Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
3 usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
2 WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
2 WUSB54Gv42SVC - "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-02-21 13:00:01 274 --ah----- C:\WINDOWS\Tasks\B0AE01259185B655.job<B0AE01~1.JOB>
2007-02-20 17:43:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-02-18 11:21:05 536 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Samantha.job<NORTON~1.JOB>


-- Files created between 2007-01-21 and 2007-02-21 ------------------------------

2007-02-21 13:56:20 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-19 11:30:24 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-19 11:30:20 0 d-------- C:\WINDOWS\LastGood
2007-02-18 17:56:41 0 d-------- C:\Program Files\XPRepairPro2006<XPREPA~1>
2007-02-18 15:26:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-18 15:26:52 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-18 15:26:52 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-18 15:26:52 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-18 15:26:52 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys<Signed: Webroot Software Inc (www.webroot.com)>
2007-02-18 15:26:41 0 d-------- C:\Program Files\Webroot
2007-02-18 15:26:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-18 15:25:22 0 d-------- C:\Documents and Settings\Samantha\Application Data\Webroot
2007-02-12 18:18:11 0 d-------- C:\Documents and Settings\Samantha\Application Data\U3
2007-02-11 22:22:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Mix Safe Bash View<MIXSAF~1>
2007-02-11 22:22:30 0 d-------- C:\Program Files\AboutSurfBind<ABOUTS~1>
2007-02-11 21:37:33 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-11 21:32:25 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-09 20:23:08 0 d-------- C:\Documents and Settings\Samantha\Application Data\ATI
2007-02-09 20:14:25 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe<Unsigned: n/a>
2007-02-09 20:12:29 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-09 20:10:04 0 d-------- C:\ATI
2007-02-09 19:45:04 0 d-------- C:\Alien Arena 2007<ALIENA~1>
2007-02-06 23:26:21 0 d-------- C:\Program Files\WinWay Resume<WINWAY~1>
2007-02-06 16:02:35 0 d-------- C:\Program Files\TVUPlayer<TVUPLA~1>
2007-02-06 15:59:24 0 d-------- C:\Documents and Settings\Samantha\tvunetworks<TVUNET~1>
2007-02-06 15:56:13 0 d-------- C:\Documents and Settings\Samantha\Application Data\vlc
2007-02-06 13:19:56 0 d-------- C:\Program Files\TVAnts
2007-02-06 13:19:17 0 d-------- C:\Program Files\SatelliteTVforPC<SATELL~1>
2007-02-06 13:17:46 0 d-------- C:\WINDOWS\uninstall<UNINST~1>
2007-02-05 18:17:16 0 d--h----- C:\Documents and Settings\Samantha\Application Data\Move Networks<MOVENE~1>
2007-02-04 12:10:14 0 d-------- C:\Documents and Settings\Samantha\Application Data\AboutSurfBind<ABOUTS~1>
2007-02-04 11:43:02 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2007-02-03 23:26:20 0 d-------- C:\Program Files\High-Logic<HIGH-L~1>
2007-02-03 13:52:31 15360 --a------ C:\WINDOWS\system32\ATMsrvc.exe<Unsigned: Adobe Systems Incorporated>
2007-02-03 13:52:30 0 d-------- C:\Program Files\Adobe Type Manager<ADOBET~1>
2007-02-03 13:35:05 299520 --a------ C:\WINDOWS\uninst.exe<Unsigned: InstallShield Corporation, Inc.>
2007-02-01 21:21:04 0 d-------- C:\Program Files\SmartSound Software<SMARTS~1>
2007-02-01 21:21:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc<SMARTS~1>
2007-02-01 21:18:15 0 d-------- C:\Program Files\DivX
2007-01-28 20:11:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-28 20:11:17 0 d-------- C:\Psfonts
2007-01-28 20:09:17 0 d-------- C:\Program Files\Finale 2006<FINALE~1>
2007-01-24 14:38:00 0 d-------- C:\Documents and Settings\Samantha\Application Data\MyFamily.com
2007-01-24 14:37:23 0 d-------- C:\Program Files\Family Tree Maker 2006<FAMILY~1>
2007-01-24 13:50:23 0 d-------- C:\Legacy
2007-01-22 13:39:53 0 d-------- C:\WINDOWS\Performance<PERFOR~1>
2007-01-22 13:39:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation<MICROS~2>
2007-01-22 13:38:49 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor<MI3B3C~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-21 13:55:07 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-19 15:17:45 0 d-------- C:\Program Files\Symantec
2007-02-19 15:15:04 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-19 15:13:52 0 d-------- C:\Program Files\PowerISO
2007-02-19 15:09:53 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-19 14:57:21 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor<LINKSY~1>
2007-02-19 14:56:16 0 d-------- C:\Program Files\iTunes
2007-02-19 14:54:58 0 d-------- C:\Program Files\Google
2007-02-19 14:53:47 0 d-------- C:\Program Files\dvd43
2007-02-19 14:51:37 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-19 11:49:57 0 d-------- C:\Documents and Settings\Samantha\Application Data\Symantec
2007-02-09 20:13:48 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-03 14:02:02 0 d-------- C:\Documents and Settings\Samantha\Application Data\Help
2007-02-01 21:15:51 0 d-------- C:\Program Files\Avid
2007-01-19 20:15:24 0 d-------- C:\Program Files\vso
2007-01-19 20:07:52 0 d-------- C:\Documents and Settings\Samantha\Application Data\Individual Software<INDIVI~1>
2007-01-19 2035 0 d-------- C:\Program Files\Total 3D<TOTAL3~1>
2007-01-19 19:41:22 0 d-------- C:\Program Files\Common Files\Individual Software<INDIVI~1>
2007-01-19 16:46:54 0 d-------- C:\Documents and Settings\Samantha\Application Data\1clickPro<1CLICK~1>
2007-01-19 15:07:13 18816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys<Unsigned: RIF>
2007-01-19 05:08:29 0 d-------- C:\Program Files\LG Software Innovations<LGSOFT~1>
2007-01-19 03:25:06 0 d-------- C:\Documents and Settings\Samantha\Application Data\Vso
2007-01-19 03:25:06 34 --a------ C:\Documents and Settings\Samantha\Application Data\pcouffin.log
2007-01-19 03:24:17 47360 --a------ C:\Documents and Settings\Samantha\Application Data\pcouffin.sys
2007-01-19 03:24:17 1144 --a------ C:\Documents and Settings\Samantha\Application Data\pcouffin.inf
2007-01-19 03:24:17 7824 --a------ C:\Documents and Settings\Samantha\Application Data\pcouffin.cat
2007-01-19 03:24:17 87608 --a------ C:\Documents and Settings\Samantha\Application Data\ezpinst.exe
2007-01-19 02:57:34 0 d-------- C:\Program Files\1ClickDvdCopy<1CLICK~1>
2007-01-19 02:29:11 0 d-------- C:\Program Files\The Rosetta Stone<THEROS~1>
2007-01-17 05:32:56 0 d-------- C:\Documents and Settings\Samantha\Application Data\Apple Computer<APPLEC~1>
2007-01-17 04:26:28 0 d-------- C:\Documents and Settings\Samantha\Application Data\Google
2007-01-12 12:51:38 0 d-------- C:\Program Files\iPod
2007-01-11 20:34:37 0 d-------- C:\Program Files\Microsoft Money 2007<MI28C4~1>
2007-01-11 15:28:04 0 d-------- C:\Program Files\Red Chair Software<REDCHA~1>
2007-01-11 15:28:04 0 d-------- C:\Documents and Settings\Samantha\Application Data\Red Chair Software<REDCHA~1>
2007-01-10 14:16:51 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-01-03 20:41:56 0 d-------- C:\Documents and Settings\Samantha\Application Data\Adobe
2006-12-29 19:43:11 0 d-------- C:\Program Files\Liquid.6
2006-12-29 18:41:42 0 d-------- C:\Program Files\Pinnacle
2006-12-28 11:36:30 0 d-------- C:\Program Files\ATI Multimedia<ATIMUL~1>
2006-12-27 21:46:58 0 d-------- C:\Program Files\Common Files\Digidesign<DIGIDE~1>
2006-12-27 21:45:15 0 d-------- C:\Program Files\SafeNet Sentinel<SAFENE~1>
2006-12-27 21:45:15 0 d-------- C:\Program Files\Common Files\SafeNet Sentinel<SAFENE~1>
2006-12-27 21:44:35 0 d-------- C:\Program Files\Common Files\Avid
2006-12-16 21:50:46 263168 --a------ C:\WINDOWS\system32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:44:38 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll<Signed: ATI Technologies, Inc.>
2006-12-16 21:44:27 102400 --a------ C:\WINDOWS\system32\Oemdspif.dll<Signed: ATI Technologies, Inc.>
2006-12-16 21:44:20 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe<Signed: ATI Technologies, Inc.>
2006-12-16 21:44:13 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll<Signed: ATI Technologies, Inc.>
2006-12-16 21:44:03 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:42:46 434176 --a------ C:\WINDOWS\system32\ati2evxx.exe<Signed: ATI Technologies Inc.>
2006-12-16 21:42:03 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL<Signed: ATI Technologies Inc.>
2006-12-16 21:41:46 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:35:43 2676672 --a------ C:\WINDOWS\system32\ati3duag.dll<Signed: ATI Technologies Inc. >
2006-12-16 21:30:42 1289472 --a------ C:\WINDOWS\system32\ativvaxx.dll<Signed: ATI Technologies Inc. >
2006-12-16 21:30:22 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2006-12-16 21:23:32 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:21:02 5304320 --a------ C:\WINDOWS\system32\atioglxx.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:17:16 241664 --a------ C:\WINDOWS\system32\atikvmag.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:16:06 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:16:00 17408 --a------ C:\WINDOWS\system32\atitvo32.dll<Signed: ATI Technologies Inc.>
2006-12-16 21:10:56 315392 --a------ C:\WINDOWS\system32\ati2cqag.dll<Signed: ATI Technologies Inc.>
2006-11-28 14:55:40 142347 --a------ C:\WINDOWS\system32\atiicdxx.dat


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"=""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ATI Launchpad"="\"C:\\Program Files\\ATI Multimedia\\main\\LaunchPd.exe\""
"Trans media"="C:\\DOCUME~1\\Samantha\\APPLIC~1\\ABOUTS~1\\batjump.exe"
"swg"="\"C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"HostManager"="\"C:\\Program Files\\Common Files\\AOL\\1144338553\\ee\\AOLSoftware.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
"BCMSMMSG"="BCMSMMSG.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IPHSend"="\"C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe\""
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"PinnacleDriverCheck"="\"C:\\WINDOWS\\system32\\PSDrvCheck.exe\" -CheckReg"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"dvd43"="\"C:\\Program Files\\dvd43\\dvd43_tray.exe\""
"PWRISOVM.EXE"="\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"BashViewAdminMath"="\"C:\\Documents and Settings\\All Users\\Application Data\\Mix Safe Bash View\\PEAK VC.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{073c7749-3a97-11db-990f-0014bf7a076c}]
Shell\AutoRun\command H:\LaunchU3.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CLR_OPTIMIZATION_V2.0.50727_32
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5


-- End of ComboScan: finished at 2007-02-21 at 13:58:12 -------------------------


Here is the Supplementary.txt



ComboScan v20070212.14 run by Samantha on 2007-02-21 at 13:55:33
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 510.98 MiB / 113.45 MiB
Pagefile Memory (total/avail): 1247.77 MiB / 484 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.75 GiB total, 5.25 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 42.93 GiB total, 5.33 GiB free.
G: is CDROM (No Media)
H: is CDROM (CDFS)
J: is Removable (FAT)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Worm Protection v2006 (Symantec)
AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Samantha\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAMSONG
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Samantha
LOGONSERVER=\\SAMSONG
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\COMMON FILES\ADOBE\AGL;C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\;C:\Program Files\Common Files\Avid;C:\Program Files\Liquid.6\QTPlugIns;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Java\jre1.5.0_06\bin\client\;;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter;C:\Program Files\Avid\Avid Liquid 7\QTPlugIns;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Samantha\LOCALS~1\Temp
TMP=C:\DOCUME~1\Samantha\LOCALS~1\Temp
USERDOMAIN=SAMSONG
USERNAME=Samantha
USERPROFILE=C:\Documents and Settings\Samantha
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Samantha (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\unmrw.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92F202B0-B02D-4B9D-9FF7-9761BE0E0AF0}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy Pro 2.2.2.4 --> "C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Manager Deluxe 4.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Alien Arena 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AEACC89-E128-41D8-8109-1745C8911D32}\setup.exe" -l0x9
Anapod Explorer (remove only) --> "C:\Program Files\Red Chair Software\Anapod Explorer\uninst.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{B7777E08-1344-42E8-975B-6F541F9ADBD8}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Multimedia Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75B307FF-E529-4D62-B184-3DF41665B1AF}\setup.exe"
Avid DIO Runtime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{476E9A2B-7A33-4634-9B39-815B7C376F8E}\Setup.exe" -l0x9 -removeonly
Avid Liquid 7.00 --> C:\PROGRA~1\Avid\AVIDLI~1\UNWISE.EXE C:\PROGRA~1\Avid\AVIDLI~1\INSTALL.LOG
Avid Xpress Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{135072C8-3304-41FC-9EBB-ED4F746E632E}\SETUP.exe" -l0x9 -removeonly
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
Caesar 3 --> C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Caesar3\Uninst.isu
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CiD Help --> C:\DOCUME~1\Samantha\APPLIC~1\ABOUTS~1\batjump.exe -uninstall
Cucusoft iPod Video Converter 3.09 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dolet Light for Finale 2006 --> MsiExec.exe /X{1C3C0464-5944-4520-96B5-705541C3BB3E}
DStream Drivers --> C:\conexant\dstream\UNWISE.EXE C:\conexant\dstream\INSTALL.LOG
DVD43 v3.9.0 --> "C:\Program Files\dvd43\unins000.exe"
Family Tree Maker 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}\setup.exe" -l0x9
Finale 2006 --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale 2006\uninstal.log
Font Creator 5.0 --> "C:\Program Files\High-Logic\Font Creator\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Earth Pro version 3.0.XXXX (beta) Patch Files --> "C:\Program Files\Google\Google Earth Pro\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HP Deskjet 5900 series --> C:\Program Files\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 1.9.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lavasoft VX2 Cleaner --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\INSTALL.LOG
LimeWire 4.10.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2007 Home & Business --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Move Networks Player for Firefox --> "C:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall ExtraUninstallID=""
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pinnacle Hollywood FX for Edition --> C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Edition\5.5\uninstal.log
Pinnacle Liquid --> C:\PROGRA~1\Liquid.6\UNWISE.EXE C:\PROGRA~1\Liquid.6\INSTALL.LOG
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Quake III Arena\QIII.isu"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Satellite TV for PC Elite 4.8.8.0 --> C:\WINDOWS\uninstall\Satellite TV for PC Elite\setup.exe
Sentinel Protection Installer 7.2.2 --> MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}
Sierra Utilities --> C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony ACID Pro 6.0 --> MsiExec.exe /X{AB7E8EC4-D04C-4A2B-A33B-4A3725C72285}
Sony Media Manager 2.1 --> MsiExec.exe /X{C86A8B40-0702-45FA-BFEC-82B0C5932038}
Sony Sound Forge 8.0b --> MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
TitleDeko --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3938850F-423F-4C13-AC64-655387539156}\Setup.exe" -l0x9 UNINSTALL
Total 3D Landscape Deluxe --> C:\PROGRA~1\TOTAL3~1\UNWISE.EXE C:\PROGRA~1\TOTAL3~1\INSTALL.LOG
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.0.0 --> C:\Program Files\TVUPlayer\uninst.exe
UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{7A837109-E671-470D-B489-F1EBE471D220}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinWay Resume Deluxe --> MsiExec.exe /x{536E1504-E2E0-4B25-9D61-5418DE8319A4}
Xingtone Ringtone Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}\setup.exe" -l0x9 -removeonly
XP Repair Pro 2006 --> MsiExec.exe /I{80682344-770B-46CB-B0FF-6A7620B37CBA}


-- End of ComboScan: finished at 2007-02-21 at 13:58:12 -------------------------


Hope that's all the info you need. I hope to speak to someone soon that can help me with this problem.

Thanks again in advance.
codsasleuth is offline  
Old 02-22-2007, 06:44 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,361
OS: 2000 Pro; XP Pro; XP Home


Hello and Welcome.

First off, the announcement you read is about ComboFix, not ComboScan, two entirely different tools. There's nothing to worry about with ComboScan.

Secondly, it appears you've installed a cracked version of Norton? Not only is this illegal and unethical, and a possible source of malware in itself, but there are equal or better programs, which will use less system resources, and are available for free. I'd be glad to recommend one for you during the course of this fix.

Next.....P2P - I see you have P2P software ( Limewire, BitLord ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

---------------------------------------------------------------------------------------------

Let's get rid of LOP first....then we'll do some deep scanning.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------


Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
We'll use this shortly.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

CID Help

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [BashViewAdminMath] "C:\Documents and Settings\All Users\Application Data\Mix Safe Bash View\PEAK VC.exe"
O4 - HKCU\..\Run: [Trans media] C:\DOCUME~1\Samantha\APPLIC~1\ABOUTS~1\batjump.exe



Close HijackThis now.

---------------------------------------------------------------------------------------------

Run NoLOP
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
Please Post the contents of C:\NoLop.log in your next reply.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Program Files\BitLord\Downloads\Programs\Norton AntiVirus 2006 With Full Activation Instructions ($40 per year)\crack.exe
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
C:\Program Files\AboutSurfBind
F:\WINDOWS\NDNuninstall5_64.exe
C:\Documents and Settings\All Users\Application Data\Mix Safe Bash View
C:\Documents and Settings\Samantha\Application Data\AboutSurfBind


---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

C:\NoLOP.log
C:\findlop.txt
New HJT log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.


Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
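
An added example, not part of the original thread and not code from HijackThis or NoLop: a Python triage pass over HijackThis `O1` (hosts file) and `O4` (Run key) lines of the kind listed in the post above. The function name `triage`, the loopback and Application Data heuristics, and the two benign sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# The four entries listed in the post, plus two constructed benign lines for contrast.
SAMPLE_LOG = r'''
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [BashViewAdminMath] "C:\Documents and Settings\All Users\Application Data\Mix Safe Bash View\PEAK VC.exe"
O4 - HKCU\..\Run: [Trans media] C:\DOCUME~1\Samantha\APPLIC~1\ABOUTS~1\batjump.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
'''

HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)$')
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Assumption: autostart targets under a profile's Application Data folder
# (long name or 8.3 short name) deserve a closer look; this is a heuristic only.
APPDATA_RE = re.compile(r'\\(application data|applic~\d)\\', re.IGNORECASE)


def triage(log_text):
    """Return (section, subject, reason) tuples for log lines worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            try:
                loopback = ipaddress.ip_address(ip).is_loopback
            except ValueError:
                findings.append(("O1", host, "unparseable address " + ip))
                continue
            if not loopback:
                findings.append(("O1", host, "hosts file pins name to " + ip))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            target = command.strip('"')
            if APPDATA_RE.search(target):
                findings.append(("O4", name, hive + " Run starts " + target))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(section, subject, "->", reason)
```

A hit here only marks a line for an analyst to look at; it is not a verdict that the entry is malicious.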
Old 02-23-2007, 02:38 PM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 3
OS: xp


Getting started...

Thank you for the quick response. I'm beginning the 1st steps of your instructions and will continue until done. I'll make sure I do everything in order like you said.

I'll post the logs and info. when I complete everything.
codsasleuth is offline  
Old 03-02-2007, 11:06 AM   #4 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 3
OS: xp