Can't remove spyware

[snorvell]

I am not sure how I got the spyware, I ran a spybot and norton's virus scan and they didn't remove. Also it show up in the add remove program but when I told it to remove it came up and said it was removed but it is still listed in the add remove programs file.
I have done the scan and here is what it said:

Deckard's System Scanner v20071014.68
Run by Betty on 2008-07-12 21:56:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-13 01:57:08 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-12 08:27:30 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-12 21:58:49
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Norton AntiVirus\Navapw32.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Documents and Settings\Betty\My Documents\My Received Files\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com/ig/dell?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O2 - BHO: ShopAtHomeIEHelper - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ShopAtHome Toolbar - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photags AutoDetect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - http://javadl.sun.com/webapps/downlo...BundleId=19588
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/b...ploader_v6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - SSODL: rNAmlTFx - {D0CC91D3-7A66-3B79-7D95-4516B1FC4BBB} - C:\WINDOWS\system32\hlx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 9401 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 sysrest.sys - c:\windows\system32\sysrest.sys

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 MREMP50 (MREMP50 NDIS Protocol Driver) - c:\program files\common files\motive\mremp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MREMP50a64 (MREMP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mremp50a64.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRESP50 (MRESP50 NDIS Protocol Driver) - c:\program files\common files\motive\mresp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 MRESP50a64 (MRESP50a64 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mresp50a64.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McciCMService - "c:\program files\common files\motive\mccicmservice.exe" <Not Verified; Motive Communications, Inc.; >

S4 AOL ACS (AOL Connectivity Service) - c:\progra~1\common~1\aol\acs\aolacsd.exe (file missing)
S4 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 21:45:17 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 20:37:09 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-12 19:38:51 0 dr-h----- C:\Documents and Settings\Betty\Recent
2008-07-11 19:13:20 94208 --a------ C:\WINDOWS\system32\pphc7u9j0epc9.exe
2008-07-11 19:13:20 0 d-------- C:\Documents and Settings\Betty\Application Data\rhc3u9j0epc9
2008-07-11 19:13:05 0 d-------- C:\Program Files\rhc3u9j0epc9
2008-07-11 19:12:39 60928 --a------ C:\WINDOWS\system32\blphc7u9j0epc9.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-11 19:12:24 109056 --a------ C:\WINDOWS\system32\lphc7u9j0epc9.exe
2008-07-11 13:50:43 0 d-------- C:\Program Files\PhoTags Express
2008-07-07 13:53:35 0 d-------- C:\Program Files\windstream_act
2008-07-03 09:09:06 0 d-------- C:\Documents and Settings\Betty\Application Data\Help
2008-07-02 20:58:20 589824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll <Not Verified; Motive Communications, Inc.; >
2008-07-02 20:58:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-07-02 20:58:06 0 d-------- C:\Program Files\Common Files\Motive
2008-07-02 20:54:57 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:57 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:57 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:57 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-07-02 20:54:56 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-07-02 20:54:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-07-02 20:54:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-07-02 20:54:47 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:47 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:47 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:46 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:46 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:46 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:45 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:45 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:45 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:44 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-07-02 20:54:43 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-06-29 13:00:32 0 d-------- C:\Program Files\FreshGames
2008-06-19 14:02:22 0 d-------- C:\Program Files\Activision
2008-06-19 13:09:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-06-19 12:40:05 0 d-------- C:\Documents and Settings\Betty\Application Data\Auslogics
2008-06-19 12:39:59 0 d-------- C:\Program Files\Auslogics
2008-06-17 19:16:36 0 d-------- C:\Documents and Settings\Betty\Application Data\AdobeUM
2008-06-14 16:55:35 12800 --a------ C:\WINDOWS\system32\WING32.DLL <Not Verified; Microsoft Corporation; WinG>
2008-06-14 16:55:31 0 d-------- C:\Scrabble
2008-06-14 16:55:26 283648 --a------ C:\WINDOWS\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-06-14 16:55:21 0 d-------- C:\Documents and Settings\Betty\WINDOWS
2008-06-13 13:55:55 0 d-------- C:\Documents and Settings\Betty\Application Data\Corel Photo Album
2008-06-13 13:55:20 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 13:55:20 56 -r-hs---- C:\WINDOWS\system32\3B68910790.sys


-- Find3M Report ---------------------------------------------------------------

2008-07-03 09:09:06 0 d-------- C:\Program Files\Norton AntiVirus
2008-07-02 20:58:06 0 d-------- C:\Program Files\Common Files
2008-06-25 08:30:16 0 d-------- C:\Documents and Settings\Betty\Application Data\Adobe
2008-06-25 08:22:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-24 13:25:22 0 d-------- C:\Documents and Settings\Betty\Application Data\Identities
2008-06-18 15:16:44 0 d-------- C:\Program Files\Common Files\Corel
2008-06-10 14:22:42 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-10 12:42:21 0 d-------- C:\Program Files\Symantec
2008-06-10 12:42:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-10 12:42:00 0 d-------- C:\Documents and Settings\Betty\Application Data\Symantec
2008-06-08 12:57:26 0 d-------- C:\Documents and Settings\Betty\Application Data\Macromedia
2008-06-08 12:57:00 0 dr-h----- C:\Documents and Settings\Betty\Application Data\SecuROM
2008-06-08 12:54:08 0 d-------- C:\Program Files\Hasbro
2008-06-07 21:47:38 0 d-------- C:\Program Files\SelectRebates
2008-06-06 22:19:55 0 d-------- C:\Program Files\Oberon Media
2008-06-06 14:37:01 0 d-------- C:\Documents and Settings\Betty\Application Data\Yahoo!
2008-06-06 14:29:44 0 d-------- C:\Documents and Settings\Betty\Application Data\MSNInstaller
2008-06-06 14:17:05 0 d-------- C:\Program Files\Yahoo!
2008-06-06 1422 0 d-------- C:\Program Files\CCleaner
2008-06-06 13:59:12 0 d-------- C:\Program Files\Windows Live
2008-06-06 13:53:16 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 13:34:25 0 d-------- C:\Program Files\Google
2008-06-06 13:32:15 0 d-------- C:\Program Files\LimeWire
2008-06-06 13:31:02 0 d-------- C:\Program Files\My Kazaa Gold
2008-06-06 13:30:38 0 d-------- C:\Program Files\NetWaiting
2008-06-06 13:30:33 0 d-------- C:\Program Files\Cute Knight
2008-06-06 13:30:27 0 d-------- C:\Program Files\AskSBar
2008-06-06 13:30:15 0 d-------- C:\Program Files\Spybot - Search & Destroy(2)
2008-06-06 13:30:13 0 d-------- C:\Program Files\Adobe Media Player
2008-06-06 13:30:07 0 d-------- C:\Program Files\MSN Messenger
2008-06-04 23:10:16 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-15 16:54:48 0 d-------- C:\Program Files\Azureus
2008-05-14 11:44:09 0 d-------- C:\Program Files\AWS
2008-05-13 15:51:42 0 d-------- C:\Program Files\Sun
2008-05-13 15:51:00 0 d-------- C:\Program Files\Java
2008-05-13 00:17:41 0 d-------- C:\Program Files\MSXML 4.0


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8DAAA30-6CAA-4b58-9603-8E54238219E2}]
05/15/2008 09:51 AM 712793 --a------ C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"= C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll [05/15/2008 09:51 AM 712793]

[-HKEY_CLASSES_ROOT\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{462E4AEC-DB3B-4e69-AF61-4F300D76255C}]
[HKEY_CLASSES_ROOT\ShopAtHome.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [07/19/2005 12:09 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [07/19/2005 12:06 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [07/19/2005 12:10 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/10/2005 01:19 AM C:\WINDOWS\stsystra.exe]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [08/16/2001 05:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rNAmlTFx"= {D0CC91D3-7A66-3B79-7D95-4516B1FC4BBB} - C:\WINDOWS\system32\hlx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc7u9j0epc9]
C:\WINDOWS\system32\lphc7u9j0epc9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SelectRebates]
C:\Program Files\SelectRebates\SelectRebates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc3u9j0epc9]
C:\Program Files\rhc3u9j0epc9\rhc3u9j0epc9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe]
C:\WINDOWS\system32\sysrest32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"navapsvc"=2 (0x2)
"ISSVC"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8713 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-12 22:00:10 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) M processor 1.40GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 247.37 MiB / 79.71 MiB
Pagefile Memory (total/avail): 604.46 MiB / 419.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.1 MiB

C: is Fixed (NTFS) - 34.21 GiB total, 28.49 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400VE-75HDT1 - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 34.21 GiB - C:
\PARTITION2 - Unknown - 3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
"D:\\kmd.exe"="D:\\kmd.exe:*:Enabled:kmd"
"C:\\Documents and Settings\\Betty\\Local Settings\\Temp\\.tt14E.tmp"="C:\\Documents and Settings\\Betty\\Local Settings\\Temp\\.tt14E.tmp:*:Enabled:enable"
"C:\\WINDOWS\\system32\\sysrest32.exe"="C:\\WINDOWS\\system32\\sysrest32.exe:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Betty\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Betty
LOGONSERVER=\\DEAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Betty\LOCALS~1\Temp
TMP=C:\DOCUME~1\Betty\LOCALS~1\Temp
USERDOMAIN=DEAN
USERNAME=Betty
USERPROFILE=C:\Documents and Settings\Betty
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Betty (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AntivirXP08 --> "C:\Program Files\rhc3u9j0epc9\uninstall.exe"
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Cubis Gold 2 --> C:\PROGRA~1\FRESHG~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\FRESHG~1\CUBISG~1\INSTALL.LOG
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Wireless WLAN Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton AntiVirus 2002 --> MsiExec.exe /I{3075C5C3-0807-4924-AF8F-FF27052C12AE}
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PhoTags Express --> C:\PROGRA~1\PHOTAG~1\Setup.exe /remove /q0
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Scrabble --> C:\WINDOWS\uninst.exe -fc:\Scrabble\DeIsL1.isu -cc:\Scrabble\_ISREG32.DLL
SCRABBLE Journey --> C:\PROGRA~1\Hasbro\SCRABB~1\UNWISE.EXE /U C:\PROGRA~1\Hasbro\SCRABB~1\INSTALL.LOG
ShopAtHome SelectRebates --> C:\Program Files\SelectRebates\SelectRebatesUninstall.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Weakest Link --> C:\PROGRA~1\ACTIVI~1\THEWEA~1\UNINST~1\UNINST~1.EXE C:\Program Files\Activision\The Weakest Link\uninstall\The Weakest Link.log
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! ¤u¨ã¦C --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type1781 / Error
Event Submitted/Written: 07/12/2008 09:03:06 PM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
C:\WINDOWS\system32\phc7u9j0epc9.bmp
is infected with the Trojan.Blusod virus.Access to the file was denied.

Event Record #/Type1780 / Error
Event Submitted/Written: 07/12/2008 09:03:06 PM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
C:\WINDOWS\system32\phc7u9j0epc9.bmp
is infected with the Trojan.Blusod virus.Unable to repair this file.

Event Record #/Type1779 / Error
Event Submitted/Written: 07/12/2008 08:48:41 PM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
C:\DOCUME~1\Betty\LOCALS~1\Temp\rsyncini.exe
is infected with the Trojan Horse virus.Access to the file was denied.

Event Record #/Type1778 / Error
Event Submitted/Written: 07/12/2008 08:48:41 PM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
C:\DOCUME~1\Betty\LOCALS~1\Temp\rsyncini.exe
is infected with the Trojan Horse virus.Unable to repair this file.

Event Record #/Type1777 / Error
Event Submitted/Written: 07/12/2008 08:48:38 PM
Event ID/Source: 4097 / Norton AntiVirus
Event Description:
The file
C:\WINDOWS\explorer.exe
was infected with the Trojan.Patchep!inf virus.The file was repaired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9400 / Error
Event Submitted/Written: 07/12/2008 09:49:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service navapsvc with arguments "-Service"
in order to run the server:
{142FB276-7C38-4BB4-B475-3F9233B3EFF8}

Event Record #/Type9399 / Error
Event Submitted/Written: 07/12/2008 09:48:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service navapsvc with arguments "-Service"
in order to run the server:
{142FB276-7C38-4BB4-B475-3F9233B3EFF8}

Event Record #/Type9398 / Error
Event Submitted/Written: 07/12/2008 09:48:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service navapsvc with arguments "-Service"
in order to run the server:
{142FB276-7C38-4BB4-B475-3F9233B3EFF8}

Event Record #/Type9397 / Error
Event Submitted/Written: 07/12/2008 09:47:45 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service navapsvc with arguments "-Service"
in order to run the server:
{142FB276-7C38-4BB4-B475-3F9233B3EFF8}

Event Record #/Type9396 / Error
Event Submitted/Written: 07/12/2008 09:47:38 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service navapsvc with arguments "-Service"
in order to run the server:
{142FB276-7C38-4BB4-B475-3F9233B3EFF8}



-- End of Deckard's System Scanner: finished at 2008-07-12 22:00:10 ------------

[snorvell]

Since I made this post my computer has now started to shutdown by itself and it also disabled my wireless connection.

[snorvell]

bump please

[Ried]

Hello snorvell,

Do you have access to another computer? Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download ComboFix.exe from any of the links below:

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






--------------------------------------------------------------------

If you used another computer to download the above, transfer them to the desktop of the infected computer.

--------------------------------------------------------------------

• Drag the setup package onto ComboFix.exe and drop it.
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
  
• At the next prompt, click 'NO'. We want to exit ComboFix for now.

--------------------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When the tool is finished, it will produce a report for you at C:\ComboFix.txt which I will need in your next reply.


--------------------------------------------------------------------

Run a new scan with HijackThis.exe (not dss.exe) and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
New HijackThis log

[snorvell]

Ok here are my log files. The first is from combofix.exe and the 2nd is from hijackthis.

ComboFix 08-07-15.4 - Betty 2008-07-16 10:19:48.3 - NTFSx86
Running from: C:\Documents and Settings\Betty\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Betty\Application Data\rhc3u9j0epc9
C:\Program Files\rhc3u9j0epc9
C:\Program Files\SelectRebates
C:\Program Files\SelectRebates\FFToolbar\chrome.manifest
C:\Program Files\SelectRebates\FFToolbar\chrome\content\options.js
C:\Program Files\SelectRebates\FFToolbar\chrome\content\options.xul
C:\Program Files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.js
C:\Program Files\SelectRebates\FFToolbar\chrome\content\sahtoolbar.xul
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\contents.rdf
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.dtd.skin
C:\Program Files\SelectRebates\FFToolbar\chrome\locale\en-US\sahtoolbar.properties
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\3rdParty.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\add-folderplus.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\add-plussign.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\alert-blue.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\alert-red.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\bluebar.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\dollarsign.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\FindWords.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\gripper.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\icon-magnifying.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\invite.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\invite2.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-blue.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-gray.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-green.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\my-red.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Options.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\S.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-LogoHotSpots.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-logotext.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v1.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\SAH-mainlogo-v2.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\sahtoolbar.css
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Scissors.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Search.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\shoppingcart.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\singleperson.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\star.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\thumb2.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Thumbs.db
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\toolbar-images-ALL.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Toolbar_HelpAndFeedback.png
C:\Program Files\SelectRebates\FFToolbar\chrome\skin\Wrench.png
C:\Program Files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
C:\Program Files\SelectRebates\FFToolbar\install.rdf
C:\Program Files\SelectRebates\SahImages\bg-gradient.gif
C:\Program Files\SelectRebates\SahImages\button-close.gif
C:\Program Files\SelectRebates\SahImages\button-finish.gif
C:\Program Files\SelectRebates\SahImages\icon-desktop.gif
C:\Program Files\SelectRebates\SahImages\sah-logopoplg.gif
C:\Program Files\SelectRebates\SelectAlerts.dat
C:\Program Files\SelectRebates\SelectRebates.dll
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\SelectRebates\SelectRebates.ini
C:\Program Files\SelectRebates\SelectRebatesA.dat
C:\Program Files\SelectRebates\SelectRebatesApi.exe
C:\Program Files\SelectRebates\SelectRebatesB.dat
C:\Program Files\SelectRebates\SelectRebatesBT.dat
C:\Program Files\SelectRebates\SelectRebatesDownload.exe
C:\Program Files\SelectRebates\SelectRebatesUninstall.exe
C:\Program Files\SelectRebates\Toolbar\Add.bmp
C:\Program Files\SelectRebates\Toolbar\AdvancedOptions.html
C:\Program Files\SelectRebates\Toolbar\basis.xml
C:\Program Files\SelectRebates\Toolbar\Basis.xml.dym
C:\Program Files\SelectRebates\Toolbar\Blank.bmp
C:\Program Files\SelectRebates\Toolbar\button-CloseWindow.gif
C:\Program Files\SelectRebates\Toolbar\i_clipboard.bmp
C:\Program Files\SelectRebates\Toolbar\i_help.bmp
C:\Program Files\SelectRebates\Toolbar\i_magnifying.bmp
C:\Program Files\SelectRebates\Toolbar\icons.bmp
C:\Program Files\SelectRebates\Toolbar\Invite.bmp
C:\Program Files\SelectRebates\Toolbar\logo.bmp
C:\Program Files\SelectRebates\Toolbar\logo_24.bmp
C:\Program Files\SelectRebates\Toolbar\logo_HotSpots.bmp
C:\Program Files\SelectRebates\Toolbar\MyNew.bmp
C:\Program Files\SelectRebates\Toolbar\MyNone.bmp
C:\Program Files\SelectRebates\Toolbar\MyPage.bmp
C:\Program Files\SelectRebates\Toolbar\Rate.bmp
C:\Program Files\SelectRebates\Toolbar\RightControls.dym
C:\Program Files\SelectRebates\Toolbar\sah_logo_bars.gif
C:\Program Files\SelectRebates\Toolbar\Scissors.bmp
C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
C:\Program Files\SelectRebates\Toolbar\Tools.bmp
C:\Program Files\SelectRebates\Toolbar\Tools2.bmp
C:\WINDOWS\system32\blphc7u9j0epc9.scr
C:\WINDOWS\system32\lphc7u9j0epc9.exe
C:\WINDOWS\system32\pphc7u9j0epc9.exe
C:\WINDOWS\system32\sysrest32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-15 16:50 . 2008-07-15 16:51 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-14 11:57 . 2008-07-14 12:06 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\HP
2008-07-14 11:56 . 2008-07-14 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-14 11:54 . 2008-07-14 11:54 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-14 11:52 . 2008-07-14 11:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-07-14 11:51 . 2006-06-03 21:29 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll
2008-07-14 11:50 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-07-14 11:50 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-07-14 11:50 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-07-14 11:50 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-07-14 11:50 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-07-14 11:50 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-07-14 11:49 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-14 11:49 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-14 11:48 . 2008-07-14 11:56 <DIR> d-------- C:\Program Files\HP
2008-07-14 11:46 . 2008-07-14 11:57 123,996 --a------ C:\WINDOWS\HPHins12.dat
2008-07-14 11:46 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-14 11:46 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-14 11:46 . 2006-06-12 18:21 14,916 --------- C:\WINDOWS\hphmdl12.dat
2008-07-13 16:42 . 2008-07-13 16:42 <DIR> d-------- C:\Program Files\Onlinebandit
2008-07-13 10:34 . 2008-07-13 10:34 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\CyberLink
2008-07-12 22:40 . 2001-08-15 15:20 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-07-12 22:40 . 2001-08-15 15:20 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-12 22:40 . 2001-08-15 15:20 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-12 22:40 . 2001-08-15 15:20 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
2008-07-12 22:39 . 2008-07-12 22:43 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-07-12 22:34 . 2008-07-12 22:34 244 --ah----- C:\sqmnoopt02.sqm
2008-07-12 22:34 . 2008-07-12 22:34 232 --ah----- C:\sqmdata02.sqm
2008-07-12 22:12 . 2008-07-12 22:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 21:56 . 2008-07-12 21:56 <DIR> d-------- C:\Deckard
2008-07-12 20:37 . 2008-07-12 20:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-11 13:50 . 2008-07-11 13:52 <DIR> d-------- C:\Program Files\PhoTags Express
2008-07-10 22:19 . 2008-07-10 22:19 244 --ah----- C:\sqmnoopt01.sqm
2008-07-10 22:19 . 2008-07-10 22:19 232 --ah----- C:\sqmdata01.sqm
2008-07-07 13:53 . 2008-07-07 13:53 <DIR> d-------- C:\Program Files\windstream_act
2008-07-05 08:25 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-02 20:59 . 2006-06-23 19:44 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-07-02 20:58 . 2008-07-07 20:05 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-07-02 20:58 . 2008-07-07 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-07-02 20:58 . 2004-08-11 02:50 589,824 --a------ C:\WINDOWS\system32\MCCDNSHLP_1-0-0_DSR.dll
2008-06-29 13:00 . 2008-06-29 13:00 <DIR> d-------- C:\Program Files\FreshGames
2008-06-19 19:55 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-19 19:55 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-06-19 19:55 . 2004-08-04 07:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2008-06-19 19:55 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-06-19 19:55 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-06-19 19:55 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-06-19 19:55 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-06-19 19:53 . 2001-08-17 13:28 701,386 --a------ C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-06-19 19:52 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-19 19:51 . 2001-08-17 22:36 211,968 --a------ C:\WINDOWS\system32\dllcache\um54scan.dll
2008-06-19 19:50 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-19 19:49 . 2004-08-04 07:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-06-19 19:48 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-19 19:47 . 2004-08-04 07:00 456,704 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-06-19 19:46 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-19 19:45 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-06-19 19:44 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-06-19 19:43 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-19 19:42 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-19 19:41 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-19 19:40 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-06-19 19:38 . 2004-08-04 07:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-06-19 19:38 . 2004-08-04 07:00 175,104 --a------ C:\WINDOWS\system32\dllcache\pintlcsa.dll
2008-06-19 19:38 . 2004-08-04 07:00 70,144 --a------ C:\WINDOWS\system32\dllcache\pintlphr.exe
2008-06-19 19:38 . 2004-08-04 07:00 53,760 --a------ C:\WINDOWS\system32\dllcache\pintlcsd.dll
2008-06-19 19:36 . 2001-08-17 12:50 198,144 --a------ C:\WINDOWS\system32\dllcache\nv3.sys
2008-06-19 19:35 . 2004-08-03 22:31 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-06-19 19:34 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-06-19 19:33 . 2004-08-04 07:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-06-19 19:32 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-19 19:31 . 2004-08-04 07:00 1,158,818 --a------ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-06-19 19:30 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\dllcache\irftp.exe
2008-06-19 19:29 . 2004-08-04 07:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-06-19 19:28 . 2004-08-04 07:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-19 19:27 . 2001-08-17 13:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-06-19 19:26 . 2001-08-17 13:28 907,456 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-06-19 19:25 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-19 19:24 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-06-19 19:23 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-06-19 19:22 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-19 19:21 . 2004-08-04 00:56 249,856 --a------ C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-06-19 19:20 . 2004-08-04 07:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-06-19 19:19 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-06-19 19:18 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-19 19:17 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-06-19 14:02 . 2008-06-19 14:02 <DIR> d-------- C:\Program Files\Activision
2008-06-19 13:09 . 2008-06-19 13:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-06-19 12:40 . 2008-06-19 12:40 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\Auslogics
2008-06-19 12:39 . 2008-06-19 12:39 <DIR> d-------- C:\Program Files\Auslogics
2008-06-17 19:16 . 2008-06-17 19:16 <DIR> d-------- C:\Documents and Settings\Betty\Application Data\AdobeUM
2008-06-17 17:26 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 01:16 --------- d-----w C:\Program Files\Google
2008-07-13 03:07 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-07-13 03:07 --------- d--h--w C:\Documents and Settings\Betty\Application Data\Gtek
2008-07-13 02:40 --------- d-----w C:\Program Files\Symantec
2008-07-13 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-13 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-13 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-12 23:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-03 00:55 155,995 ----a-w C:\WINDOWS\java\Packages\ZD3X3BP3.ZIP
2008-06-25 12:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-18 19:16 --------- d-----w C:\Program Files\Common Files\Corel
2008-06-18 19:13 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 17:55 --------- d-----w C:\Documents and Settings\Betty\Application Data\Corel Photo Album
2008-06-10 18:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-10 16:42 --------- d-----w C:\Documents and Settings\Betty\Application Data\Symantec
2008-06-08 16:57 --------- d--h--r C:\Documents and Settings\Betty\Application Data\SecuROM
2008-06-08 16:56 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-08 16:54 --------- d-----w C:\Program Files\Hasbro
2008-06-07 02:19 --------- d-----w C:\Program Files\Oberon Media
2008-06-07 02:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 18:37 --------- d-----w C:\Documents and Settings\Betty\Application Data\Yahoo!
2008-06-06 18:29 --------- d-----w C:\Documents and Settings\Betty\Application Data\MSNInstaller
2008-06-06 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-06 18:17 --------- d-----w C:\Program Files\Yahoo!
2008-06-06 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-06 18:06 --------- d-----w C:\Program Files\CCleaner
2008-06-06 17:59 --------- d-----w C:\Program Files\Windows Live
2008-06-06 17:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-06 17:32 --------- d-----w C:\Program Files\LimeWire
2008-06-06 17:31 --------- d-----w C:\Program Files\My Kazaa Gold
2008-06-06 17:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy(2)
2008-06-06 17:30 --------- d-----w C:\Program Files\NetWaiting
2008-06-06 17:30 --------- d-----w C:\Program Files\MSN Messenger
2008-06-06 17:30 --------- d-----w C:\Program Files\Cute Knight
2008-06-06 17:30 --------- d-----w C:\Program Files\AskSBar
2008-06-06 17:30 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-06 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-06 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-06 15:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-06-05 03:10 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-05-19 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
.

------- Sigcheck -------

2004-08-04 07:00 16896 4e06f50f95357b8cfbc81f5699e754b7 C:\WINDOWS\system32\svchost.exe

2004-08-04 07:00 505856 e853481fef64a5be3fc3732d9d3d926a C:\WINDOWS\system32\winlogon.exe

2007-06-13 06:23 1035264 90bdefa8740e66dee42c12eb1c30c789 C:\WINDOWS\explorer.exe

2004-08-04 07:00 110080 5812a3513734517f8c2c5eab6b269864 C:\WINDOWS\system32\services.exe

2004-08-04 07:00 14336 c3e6b717e7b284e1fa89ba9f7a1be1ed C:\WINDOWS\system32\lsass.exe

2005-06-10 19:53 58368 44fce06d98349f92a39a9a242b88650f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [BU]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2001-08-16 17:52 74832]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 01:19 393216 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup=C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2006-01-11 02:26 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
-----c--- 2005-02-23 18:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 12:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 12:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 04:24 20480 C:\Program Files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-11 02:51 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-01-11 02:50 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2005-06-24 08:36 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"NICCONFIGSVC"=2 (0x2)
"navapsvc"=2 (0x2)
"ISSVC"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 14:17:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

SSODL-rNAmlTFx-{D0CC91D3-7A66-3B79-7D95-4516B1FC4BBB} - (no file)
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Corel Photo Downloader - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-IS CfgWiz - C:\Program Files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-lphc7u9j0epc9 - C:\WINDOWS\system32\lphc7u9j0epc9.exe
MSConfigStartUp-MimBoot - C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
MSConfigStartUp-MMTray - C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
MSConfigStartUp-SelectRebates - C:\Program Files\SelectRebates\SelectRebates.exe
MSConfigStartUp-SMrhc3u9j0epc9 - C:\Program Files\rhc3u9j0epc9\rhc3u9j0epc9.exe
MSConfigStartUp-SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-sysrest32 - C:\WINDOWS\system32\sysrest32.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 10:23:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-16 10:25:13
ComboFix-quarantined-files.txt 2008-07-16 14:24:53

Pre-Run: 29,886,210,048 bytes free
Post-Run: 29,875,388,416 bytes free

367 --- E O F --- 2008-06-11 14:03:28



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:38 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\CF10647.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HP Software U