05-09-2008, 10:31 AM   #1
Registered User
 
Join Date: May 2008
Posts: 11
OS: Windows XP SP2


Warning Virus Background Appears

Anytime I rebooted my computer, my background graphic changed with "Warning, your computer may be infected with a virus...." Then little bugs would crawl all over my desktop and start eating the icons. I followed all the instructions for removal. This is what I have done so far:

1. I have Norton 360. I did a full system scan and removed anything it found
2. Downloaded and ran Super Antispyware (please see log below)
3. Downloaded and ran SS&D and removed anything it found
4. Downloaded and ran Adware 2007 and removed anything it found
5. Downloaded and ran Hijackthis (please see log below)

It appeared these tools resolved the issue. However, I would feel more confident if someone can review the Hijackthis log and let me know if there is anything hidden.
=================================
SUPERAntiSpyware Scan Log
Generated 05/08/2008 at 05:16 PM

Application Version : 4.0.1154

Core Rules Database Version : 3455
Trace Rules Database Version: 1447

Scan type : Complete Scan
Total Scan Time : 00:24:18

Memory items scanned : 657
Memory threats detected : 1
Registry items scanned : 6480
Registry threats detected : 33
File items scanned : 22707
File threats detected : 233

Trojan.Unclassified/CTFMONA
C:\WINDOWS\SYSTEM32\CTFMONA.EXE
C:\WINDOWS\SYSTEM32\CTFMONA.EXE
C:\WINDOWS\Prefetch\CTFMONA.EXE-0F567013.pf

Adware.Tracking Cookie

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ISTactivex.dll#{EF86873F-04C2-4A95-A373-5703C08EFC7B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ISTactivex.dll [  ]
HKU\S-1-5-21-453202408-401739415-653543666-1008\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.Avenue Media/Internet Optimizer
C:\Program Files\Internet Optimizer
HKU\S-1-5-21-453202408-401739415-653543666-1008\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

Adware.ClearSearch
C:\Program Files\ClearSearch

Rogue.WinIFixer
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\WinIFixer.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer
C:\Program Files\WinIFixer\database.dat
C:\Program Files\WinIFixer\license.txt
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\Uninstall.exe
C:\Program Files\WinIFixer\WinIFixer.exe.local
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\Program Files\WinIFixer
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#WinIFixer [ C:\Program Files\WinIFixer\WinIFixer.exe ]
HKLM\Software\winifixer.com
HKLM\Software\winifixer.com\WinIFixer
HKLM\Software\winifixer.com\WinIFixer#RegistrationUrl
HKLM\Software\winifixer.com\WinIFixer#RegistrationDiscUrl
HKLM\Software\winifixer.com\WinIFixer#ADVid
HKLM\Software\winifixer.com\WinIFixer#InstallDir
HKLM\Software\winifixer.com\WinIFixer#domain
HKLM\Software\winifixer.com\WinIFixer#SoftID
HKLM\Software\winifixer.com\WinIFixer#DatabaseVersion
HKLM\Software\winifixer.com\WinIFixer#ProgramVersion
HKLM\Software\winifixer.com\WinIFixer#EngineVersion
HKLM\Software\winifixer.com\WinIFixer#GuiVersion
HKLM\Software\winifixer.com\WinIFixer#ProxyName
HKLM\Software\winifixer.com\WinIFixer#ProxyPort
HKLM\Software\winifixer.com\WinIFixer#ScanPriority
HKLM\Software\winifixer.com\WinIFixer#DaysInterval
HKLM\Software\winifixer.com\WinIFixer#ScanDepth
HKLM\Software\winifixer.com\WinIFixer#ScanSystemOnStartup
HKLM\Software\winifixer.com\WinIFixer#AutomaticallyUpdates
HKLM\Software\winifixer.com\WinIFixer#MinimizeOnStart
HKLM\Software\winifixer.com\WinIFixer#BackgroundScan
HKLM\Software\winifixer.com\WinIFixer#BackgroundScanTimeout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winifixer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winifixer#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winifixer#UninstallString
C:\Documents and Settings\All Users\Desktop\WinIFixer.lnk

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CTFMONB.BMP
=================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:55 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [CMSRegOW.exe] "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" /r (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - S-1-5-18 Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe (User 'Default user')
O4 - .DEFAULT Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User 'Default user')
O4 - .DEFAULT Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe (User 'Default user')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
O4 - Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O4 - Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetings.webex.com/client/v_...ex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: TxyyfdD - {BC87E186-162D-4B2C-11BE-0BECA7D9F395} - C:\WINDOWS\system32\bg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 14327 bytes
Old 05-13-2008, 06:28 PM   #2 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,499
OS: XP Home SP3, XP Media Center Edition SP3


Re: Warning Virus Background Appears

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it’s taking us longer to catch up. If you haven’t received help elsewhere already and still require assistance please follow the instructions below:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

Old 05-14-2008, 08:47 AM   #3 (permalink)
Registered User
 
Join Date: May 2008
Posts: 11
OS: Windows XP SP2


Re: Warning Virus Background Appears

Thanks for getting back to me. I realize you guys are very busy. We just appreciate all your help. This computer has two users. While logged on as one user, I went through the cleanup and everything appears to be OK. Then, when I log on as the second user, the issue reappeared. So I believe I need to go through the same process on both logons. Would you mind if I post the Hijackthis log for the other account after we are done with this one? In any case, here is the MBAM log:

Malwarebytes' Anti-Malware 1.12
Database version: 746

Scan type: Quick Scan
Objects scanned: 41168
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\69.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

I also found "ctfmona.exe" which was in the MSCONFIG Startup. I unchecked that from the startup as well. Let me know your thoughts.
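The `ctfmona.exe` Run entry mentioned in the post above sits one letter away from `ctfmon.exe`, which appears in the same logs. As an added example (not part of the original thread and not HijackThis functionality), the sketch below triages HijackThis lines for two review signals: autorun executables whose names nearly match a system binary, and entries marked `(file missing)`. The function names, the reference list and the edit-distance threshold of 2 are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Reference names: Windows binaries listed under "Running processes" in the
# logs on this page. Assumption: a short illustrative list, not a full baseline.
SYSTEM_BINARIES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "explorer.exe", "ctfmon.exe", "rundll32.exe", "wuauclt.exe",
}

# Sample input: lines excerpted from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O21 - SSODL: TxyyfdD - {BC87E186-162D-4B2C-11BE-0BECA7D9F395} - C:\WINDOWS\system32\bg.dll (file missing)
"""


class Finding(NamedTuple):
    section: str                     # HijackThis section code, e.g. "O4"
    reason: str                      # "lookalike" or "file-missing"
    item: str                        # file name or entry text that triggered it
    resembles: Optional[str] = None  # reference binary, for lookalikes only


LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^.+?\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
EXE_RE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_name(cmd: str) -> Optional[str]:
    """Return the lower-cased file name of the program a Run command starts."""
    cmd = cmd.strip()
    if not cmd:
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe" token.
        m = EXE_RE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str, max_distance: int = 2) -> Optional[str]:
    """Return the reference binary that `name` nearly matches, if any."""
    if name in SYSTEM_BINARIES:
        return None  # exact name: not a lookalike
    for ref in sorted(SYSTEM_BINARIES):
        if edit_distance(name, ref) <= max_distance:
            return ref
    return None


def triage(log_text: str) -> List[Finding]:
    """Collect entries that deserve a manual look; this is not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "file-missing", body))
        if section == "O4":
            run = RUN_RE.match(USER_RE.sub("", body))
            if run:
                exe = executable_name(run.group("cmd"))
                twin = lookalike_of(exe) if exe else None
                if twin:
                    findings.append(Finding(section, "lookalike", exe, twin))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A hit only means the entry should be checked by hand; a name close to a system binary is a reason to inspect the file, not proof of infection.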
Old 05-14-2008, 08:54 AM   #4 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 2,499
OS: XP Home SP3, XP Media Center Edition SP3


Re: Warning Virus Background Appears

Quote:
Would you mind if I post the Hijackthis log for the other account after we are done with this one?
Not at all. Just give it a different name like "computer #2" so that it will not get confusing. I would like to have the HijackThis log from both computers as well.
Old 05-14-2008, 08:56 AM   #5 (permalink)
Registered User
 
Join Date: May 2008
Posts: 11
OS: Windows XP SP2


Re: Warning Virus Background Appears

Sorry. I forgot to post the newest HijackThis log. Here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:34 AM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [RecordNow!] (User 'Gerry Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Gerry Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Gerry Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" (User 'Gerry Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Gerry Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Gerry Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Gerry Pindler')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe
O4 - Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetings.webex.com/client/v_...ex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: TxyyfdD - {BC87E186-162D-4B2C-11BE-0BECA7D9F395} - C:\WINDOWS\system32\bg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 14321 bytes
Old 05-14-2008, 09:17 AM   #6 (permalink)
Registered User
 
Join Date: May 2008
Posts: 11
OS: Windows XP SP2


Re: Warning Virus Background Appears

Here is the HijackThis Log for computer #2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:08 AM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/?page=1&refresh=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [RecordNow!] (User 'Curt Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Curt Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Curt Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Curt Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Curt Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Curt Pindler')
O4 - HKUS\S-1-5-21-453202408-401739415-653543666-1008\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Curt Pindler')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - S-1-5-21-453202408-401739415-653543666-1008 Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 Startup: PowerReg Scheduler V3.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 User Startup: MP3 Rocket (Minimized).lnk = C:\Program Files\MP3 Rocket\MP3Rocket.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 User Startup: MP3Rocket (silent).lnk = C:\Program Files\MP3Rocket\MP3Rocket_on_startup.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 User Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe (User 'Curt Pindler')
O4 - S-1-5-21-453202408-401739415-653543666-1008 User Startup: PowerReg Scheduler V3.exe (User 'Curt Pindler')
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/5...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meetings.webex.com/client/v_...ex/ieatgpc.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: TxyyfdD - {BC87E186-162D-4B2C-11BE-0BECA7D9F395} - C:\WINDOWS\system32\bg.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

--
End of file - 14693 bytes
teenzbutler is offline  