Infected Computer

[dark_shard]

Recently this computer has started acting like it has been pretty infected by viruses or spyware. The first symptom was Iexplorer opening multiple windows rapidly non-stop. Now the computer gets a LOT of pop-ups through iternet exlorer even when the program isn't open. I've followed the five steps posted prior to posting this log and I haven't been alble to remedy the problems. I've deleted a lot of spyware/adware but whatever has infected the computer keeps re-downloading more. Log is as follows:

Deckard's System Scanner v20070411.38
Run by Mom and Dad on 2007-04-22 at 22:09:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2007-04-23 02:09:56 UTC - RP1318 - Deckard's System Scanner Restore Point
19: 2007-04-22 23:02:40 UTC - RP1317 - System Checkpoint
18: 2007-04-21 22:08:11 UTC - RP1316 - System Checkpoint
17: 2007-04-20 21:23:33 UTC - RP1315 - System Checkpoint
16: 2007-04-19 21:19:24 UTC - RP1314 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-04-14 21:48:27 UTC - RP1299 - Spybot-S&D Spyware removal


Performed disk cleanup.


-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-22 22:13:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\Program Files\HijackThis\Mom and Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmpCD.tmp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: Backward &Links - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} () - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: jav253 - C:\WINDOWS\system32\jav253.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - "C:\Program Files\Norton\isPwdSvc.exe"
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - "C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"


-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - unable to read value
.vbs - VBSFile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Defrag32b (Defrag32Boot) - c:\windows\system32\drivers\defrag32b.sys
R1 AFS2K - c:\windows\system32\drivers\afs2k.sys
R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys
R1 DMICall (Sony DMI Call service) - c:\windows\system32\drivers\dmicall.sys
R1 SonyFanC (FAN Control Device Service) - c:\windows\system32\drivers\sonyfanc.sys
R1 SRTSP - c:\windows\system32\drivers\srtsp.sys
R1 SRTSPX - c:\windows\system32\drivers\srtspx.sys
R2 DCFS2K (Kodak DCFS2K Driver) - c:\windows\system32\drivers\dcfs2k.sys
R2 Defrag32 - c:\windows\system32\drivers\defrag32.sys
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys
R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys
R3 smwdm - c:\windows\system32\drivers\smwdm.sys

S1 Exportit - c:\windows\system32\drivers\exportit.sys
S2 windev-1e41-5c5b - c:\windows\system32\windev-1e41-5c5b.sys (file missing)
S3 BCM42XX (Broadcom iLine10(tm) Network Adapter Driver) - c:\windows\system32\drivers\bcm42xx5.sys
S3 BCMModem (BCM V.90 56K Modem) - c:\windows\system32\drivers\bcmdm.sys
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys
S3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys
S3 DcPTP - c:\windows\system32\drivers\dcptp.sys
S3 EraserUtilDrv10720 - c:\program files\common files\symantec shared\eengine\eraserutildrv10720.sys (file missing)
S3 ltmodem5 (Lucent Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon
R2 MSSQL$SQLEXPRESS (SQL Server (SQLEXPRESS)) - "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe" -ssqlexpress
R2 PDSched (PDScheduler) - "c:\program files\raxco\perfectdisk\pdsched.exe"
R2 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
R2 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"

S2 LiveUpdate Notice Service - "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll"
S3 SPTISRV (Sony SPTI Service) - c:\program files\common files\sony shared\avlib\sptisrv.exe
S4 msvsmon80 (Visual Studio 2005 Remote Debugger) - "d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80


-- Scheduled Tasks -------------------------------------------------------------

2007-04-22 17:39:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-04-22 16:54:18 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{699F02C7-3898-42D3-8232-C75F5FE94137}.job<USER_F~1.JOB>
2007-04-17 16:25:26 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Mom and Dad.job<NORTON~1.JOB>


-- Files created between 2007-03-22 and 2007-04-22 -----------------------------

2007-04-22 21:39:12 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34:23 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:30 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 11:02:00 0 d--hs---- C:\FOUND.001
2007-04-20 12:54:57 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 11:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-20 11:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
2007-04-17 16:13:09 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-17 16:13:09 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-17 16:11:53 0 d-------- C:\Program Files\Symantec
2007-04-17 16:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-17 16:10:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-17 16:10:31 0 d-------- C:\Program Files\Norton
2007-04-16 16:15:27 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-14 18:34:34 0 d--hs---- C:\FOUND.000
2007-04-14 11:59:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Azureus
2007-04-13 18:27:51 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft
2007-04-11 15:44:02 18943 --a------ C:\WINDOWS\system32\jav253.dll
2007-04-07 19:52:12 0 d-------- C:\Program Files\Hide And Secret<HIDEAN~1>
2007-04-06 14:54:38 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-06 14:44:46 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:44:40 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:40 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-30 16:25:55 0 d-------- C:\Program Files\iWin.com
2007-03-29 22:07:11 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-29 18:29:31 0 d-------- C:\Documents and Settings\Leigh\Application Data\Magic Academy<MAGICA~1>
2007-03-27 19:04:54 0 d--h----- C:\Documents and Settings\Leigh\Application Data\Move Networks<MOVENE~1>
2007-03-26 18:11:55 66560 --a------ C:\WINDOWS\MOTA113.exe
2007-03-26 18:11:55 217073 --a------ C:\WINDOWS\meta4.exe
2007-03-26 18:11:54 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-03-26 18:11:54 70656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-03-26 18:11:54 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll<AVSRED~1.DLL>
2007-03-26 18:11:53 471552 --a------ C:\WINDOWS\system32\Smab.dll
2007-03-26 18:11:53 719872 --a------ C:\WINDOWS\system32\devil.dll
2007-03-26 18:11:53 306688 --a------ C:\WINDOWS\system32\avisynth.dll
2007-03-26 18:11:51 0 d-------- C:\Program Files\AviSynth 2.5<AVISYN~1.5>
2007-03-26 18:11:33 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
2007-03-26 18:11:33 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
2007-03-24 20:51:03 0 d-------- C:\Documents and Settings\John\Application Data\Apple Computer<APPLEC~1>
2007-03-23 17:54:51 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-23 17:53:43 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-03-23 17:53:26 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-03-23 17:42:22 0 d-------- C:\Program Files\MSBuild
2007-03-23 17:30:23 0 d-------- C:\WINDOWS\Symbols
2007-03-23 17:30:23 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions<PREEMP~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-03-23 17:30:22 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-03-23 17:25:26 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-03-23 17:25:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help<MICROS~2>
2007-03-22 16:47:35 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>


-- Find3M Report ---------------------------------------------------------------

2007-04-22 20:48:12 19368 --a------ C:\WINDOWS\mozver.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-03-31 17:09:46 33296 --a------ C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 22:37:18 0 d-------- C:\Program Files\MSN Games<MSNGAM~2>
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE
2007-02-23 19:10:20 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1c3449f-613a-11d9-a932-806d6172696f}]
Shell\AutoRun\command F:\Aly_Aj.exe


-- Hosts -----------------------------------------------------------------------

127.0.0.1 ns8-stats.netscape.com


-- End of Deckard's System Scanner: finished at 2007-04-22 at 22:16:14 ---------

[dark_shard]

Bumping

[suebaby41]

Welcome to the Tech Support Forums. Sorry for the delay in responding. If you still need help, please post a new HijackThis log. Thanks.

[suebaby41]

1. Please download VundoFix.exe to your desktop.
   1. Double-click VundoFix.exe to run it.
   2. Click the Scan for Vundo button.
   3. After it's done scanning, click the Remove Vundo button.
   4. You will receive a prompt asking if you want to remove the files, click YES;
   5. After you click YES, your desktop will go blank as it starts removing Vundo.
   6. When completed, it will prompt that it will reboot your computer, click OK.
2. Note: It is possible that VundoFix.exe may encounter a file it could not remove. In this case, VundoFix.exe will run on reboot, simply follow the above instructions starting from (1b) Click the Scan for Vundo button when VundoFix.exe appears at reboot.
3. Please post the contents of C:\vundofix.txt and a new HijackThis log.

[suebaby41]

The entries below indicate that you may have two antivirus programs, Norton AntiVirus and AVG Freeon your computer.

Norton AntiVirus

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton\osCheck.exe"

AVG Free

C:\Program Files\Grisoft\AVG Free\avgcc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

When you have more than one antivirus running at the same time, they conflict with each other rendering the computer vulnerable or unusable. It may even cause crashes. Please review this information:
Should you run more than one antivirus program at the same time?
Microsoft recommends that you have only one anti-virus program installed on your computer.

There are basically two types of antivirus programs: On-Access and On-Demand

On-Access Scanners, as the name implies, run in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners, such as Online Scans and scanners that run on your machine but are not actively scanning your machine, as the name implies, are scanners that only run when you ask them to run.

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts.
I strongly suggest you do one of the following:

1. Configure only one antivirus program to enable automatic realtime scanning and leave the rest disabled most of the time.
2. Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall all but one antivirus program.

[dark_shard]

Sorry about taking so long to reply, I was out of town for a while and had practically given up on this post hahah. Thanks for replying! I had actually run VundoFix when the problems first started to occur. It didn't find anything at that time, but this time it found two .dlls. Here's the new scan report:


Deckard's System Scanner v20070411.38
Run by Mom and Dad on 2007-05-08 at 10:42:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:43:55 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\MOMAND~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.cnn.com"); (C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mom and Dad\Application Data\Mozilla\Profiles\default\kdnew42q.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {983d75b1-b947-4c4b-a49f-24438a422052} - C:\WINDOWS\system32\jav253.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\byyayv.dll",realset
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZS
O8 - Extra context menu item: Backward &Links - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\common files\real\gtoolbar\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mp3: C:\Program Files\Netscape\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105162440937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125198812084
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553572000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jav253 - jav253.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- Files created between 2007-04-08 and 2007-05-08 -----------------------------

2007-05-08 10:27:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-05-03 12:28:06 0 d-------- C:\WINDOWS\system32\VirtualExpander<VIRTUA~1>
2007-05-03 11:54:38 0 d-------- C:\Documents and Settings\Mom and Dad\Incomplete<INCOMP~1>
2007-05-03 11:54:27 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\LimeWire
2007-05-02 13:42:57 0 d-------- C:\Documents and Settings\Leigh\Application Data\Lavasoft
2007-04-29 21:05:58 0 d--hs---- C:\FOUND.002
2007-04-22 21:39:12 21312 --a------ C:\WINDOWS\choice.exe
2007-04-22 21:34:23 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-22 21:29:30 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-21 11:02:00 0 d--hs---- C:\FOUND.001
2007-04-20 12:54:57 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 11:33:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-20 11:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder<SHARE-~1>
2007-04-17 16:11:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-04-17 16:10:39 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-04-16 16:15:27 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-14 18:34:34 0 d--hs---- C:\FOUND.000
2007-04-14 11:59:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Azureus
2007-04-13 18:27:51 0 d-------- C:\Documents and Settings\John\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2007-05-06 12:13:42 19368 --a------ C:\WINDOWS\mozver.dat
2007-04-10 15:30:02 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-06 14:54:30 35430 --a------ C:\WINDOWS\DIIUnin.dat
2007-04-06 14:52:48 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-04-06 14:52:48 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-04-06 14:52:46 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-04-06 14:44:42 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-04-06 14:44:42 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-03-31 17:09:46 33296 --a------ C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-03-30 16:25:56 0 d-------- C:\Program Files\iWin.com
2007-03-29 22:07:12 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-03-23 17:54:52 0 d-------- C:\Program Files\Microsoft SQL Server<MI6841~1>
2007-03-23 17:53:44 0 d-------- C:\Program Files\Microsoft Device Emulator<MI9C2B~1>
2007-03-23 17:53:28 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition<MI40D9~1>
2007-03-23 17:42:24 0 d-------- C:\Program Files\MSBuild
2007-03-23 17:30:24 0 d-------- C:\Program Files\HTML Help Workshop<HTMLHE~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\Common Files\Merge Modules<MERGEM~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\Common Files\Business Objects<BUSINE~1>
2007-03-23 17:30:24 0 d-------- C:\Program Files\CE Remote Tools<CEREMO~1>
2007-03-23 17:25:28 0 d-------- C:\Program Files\Microsoft Visual Studio 8<MID05A~1>
2007-03-22 16:47:36 46344 --a------ C:\WINDOWS\NSSetDefaultBrowser.EXE<NSSETD~1.EXE>
2007-03-17 09:43:02 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 14:57:48 4 --a------ C:\WINDOWS\system32\6A54FE
2007-02-23 19:10:20 335 --a------ C:\WINDOWS\mozregistry.dat<MOZREG~1.DAT>
2007-02-10 05:29:52 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll
2007-02-10 05:29:52 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Weather"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"InfoData"="rundll32.exe \"C:\\WINDOWS\\byyayv.dll\",realset"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"
"item"="Kodak EasyShare software"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkVwMon.exe.lnk]
"backup"="C:\\WINDOWS\\pss\\NkVwMon.exe.lnkCommon Startup"
"location"="Common Startup"
"item"="NkVwMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="c:\\program files\\hewlett-packard\\hpis\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewpointPhotosDeviceConnect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="FotomatDeviceConnect"
"hkey"="HKLM"
"command"="c:\\program files\\common files\\viewpoint\\toolbar runtime\\3.7.0\\fotomatdeviceconnect.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jav253

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##Johnscomputer#F]
Shell\AutoRun\command Z:\Monkey.exe


-- End of Deckard's System Scanner: finished at 2007-05-08 at 10:44:33 ---------

[suebaby41]

1. Please download ComboFix.
2. Double click combofix.exe & follow the prompts.
3. A window will open with a warning. Type Y (and Enter) to start the fix.
4. The scan will temporarily disable your desktop, and if interrupted, may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
5. Caution - do not touch your mouse/keyboard until the scan has completed. That may cause it to stall.
6. When finished, ComboFix will produce a log for you and will automatically save the log file to C:\combofix.txt.
7. ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done, you can delete this folder - QooBox.
8. Please post the log from ComboFix and a new HijackThis log. Thanks.