
Post #1 (Discussion Starter)
My computer began to allow pop-up after pop-up, became extremely slow, and avast! alarms began going off 2 days ago warning of trojan horses and malware on my computer. It asked me to delete or move to chest. I went and also deleted the ones in the chest, but after restarting and scanning again, the problems still returned. When I ran the scan 7 names of viruses showed up:
Name: 17pHolmes572.exe
Location: C:/WINNT
Virus: Win32:Agent:NMX[TRJ]

Name:bafmyaak.exe
Location:C:/WINNT/system32
Virus:Win32:Tiny-JC[TRJ]

Name:dswtmhmj.exe
Loc:C:/Documen~1\ADMINI~1\LOCALS~1\TEMP
Virus: Win32:Adware-gen[Adw]

Name: qrjatydi.exe
Loc:C:/Documen~1\ADMINI~1\LOCALS~1\TEMP
Virus: Win32:Adware-gen[Adw]

Name:vntmrykt.exe
Loc:C:/Documen~1\ADMINI~1\LOCALS~1\TEMP
Virus: Win32:Adware-gen[Adw]

Name:xiotqjqw.dll
Location:C:/WINNT/system32
Virus: Win32:Sec-Bar-B[Adw]

Name:xqedqkpr.exe
Loc:C:/Documen~1\ADMINI~1\LOCALS~1\TEMP
Virus: Win32:Adware-gen[Adw]

Here is everything that was requested. My desktop has not been functioning properly and the only way I could even do as much as I have is working in safe mode with networking. This problem is also preventing me from updating my OS. Any help would greatly be appreciated.

Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-04 18:35:22
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 191 MiB (256 MiB recommended).
System Drive C: has 0.55 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-04 18:39:34
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: {0a040c38-b6b0-e379-7ed4-b949bd487652} - {256784db-949b-4de7-973e-0b6b83c040a0} - C:\WINNT\system32\ofssplcs.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINNT\system32\mljifgf.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {753B5D60-79EC-400A-826E-F254FF937695} - C:\Program Files\Accessories\hosebujuvC:\WINNT\system32\hv2\swdrv83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {87DEB5FE-7CC9-46D3-B128-67A1BAD2A886} - C:\WINNT\system32\hgdab.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\system32\rmtcrzis.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINNT\system32\rmtcrzis.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [ccfbda96] rundll32.exe "C:\WINNT\system32\fmqyvwdk.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\SCRABBLE\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {2E8CEF20-8E14-4B1B-CF62-95847DA10978} () - http://performanceoptimizer.com/files/PerformanceOptimizerPre_Installer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1191997010367
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\SCRABBLE\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: mljifgf - C:\WINNT\system32\mljifgf.dll
O20 - Winlogon Notify: rmtcrzis - C:\WINNT\system32\rmtcrzis.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\system32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcy_device - Unknown owner - C:\WINNT\system32\lxcycoms.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\Program Files\SBC Self Support Tool\SmartBridge\SBHookSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe
O24 - Desktop Component 0: - http://a959.ac-images.myspacecdn.com/images01/104/m_082a9cbc0787e56f512d096e02f9a44e.jpg
O24 - Desktop Component 1: - http://a943.ac-images.myspacecdn.com/images01/20/m_ecde8a32523c8b7b2d6ea0b157c6d41e.jpg
O24 - Desktop Component 10: - http://b0.ac-images.myspacecdn.com/01188/07/82/1188622870_m.jpg
O24 - Desktop Component 11: - http://s28.photobucket.com/albums/c210/Rosa623/th_100_0171.jpg
O24 - Desktop Component 12: - http://s28.photobucket.com/albums/c210/Rosa623/th_100_0224.jpg
O24 - Desktop Component 13: - http://b9.ac-images.myspacecdn.com/01430/90/27/1430757209_m.jpg
O24 - Desktop Component 14: - http://b8.ac-images.myspacecdn.com/01510/83/02/1510002038_m.jpg
O24 - Desktop Component 15: - http://a955.ac-images.myspacecdn.com/images01/96/m_e9da54b9262e509afbcc03b29930e3aa.jpg
O24 - Desktop Component 2: - http://a471.ac-images.myspacecdn.com/images01/111/a_37f920bdd840554135cc2065576a23b6.jpg
O24 - Desktop Component 3: - http://a1000.ac-images.myspacecdn.com/images01/43/m_e92786f45594b1d88bc4be7a33b5a55f.jpg
O24 - Desktop Component 4: - http://b4.ac-images.myspacecdn.com/01407/45/79/1407749754_m.jpg
O24 - Desktop Component 5: - http://b4.ac-images.myspacecdn.com/01188/43/59/1188419534_m.jpg
O24 - Desktop Component 6: - http://b1.ac-images.myspacecdn.com/01510/19/69/1510029691_m.jpg
O24 - Desktop Component 7: - http://a603.ac-images.myspacecdn.com/images01/63/m_900e9d4fcacdc02b8cd29aa441692b62.jpg
O24 - Desktop Component 8: - http://a343.ac-images.myspacecdn.com/images01/113/m_73470f0b3b444cda2b3b1c206d75af16.jpg
O24 - Desktop Component 9: - http://b1.ac-images.myspacecdn.com/01430/10/96/1430766901_m.jpg

--
End of file - 11606 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 TnIDriver - c:\docume~1\admini~1\locals~1\temp\tni10a.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 KodakCCS (Kodak Camera Connection Software) - c:\winnt\system32\drivers\kodakccs.exe (file missing)
S3 SBHookSvc - c:\progra~1\sbcsel~1\smartb~1\sbhooksvc.exe <Not Verified; Motive Communications, Inc.; Motive System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 17:52:42 0 d-------- C:\ie-spyad_zo
2007-12-04 17:19:36 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_788.dat
2007-12-04 17:17:51 0 d-------- C:\WINNT\CD95F661A5C444F5A6AAECDD91C240B5.TMP
2007-12-04 16:48:17 118784 --a------ C:\WINNT\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-12-04 16:48:16 0 d-------- C:\Program Files\SpywareBlaster
2007-12-04 15:24:57 0 d-------- C:\WINNT\system32\ActiveScan
2007-12-04 15:16:08 0 d-------- C:\Program Files\Trend Micro
2007-12-04 11:38:41 79424 --a------ C:\WINNT\system32\ofssplcs.dll
2007-12-04 11:38:23 85568 --a------ C:\WINNT\system32\fmqyvwdk.dll
2007-12-03 21:07:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2007-12-03 21:04:20 0 d-------- C:\Program Files\Atari
2007-12-03 21:04:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-03 11:50:06 77376 --a------ C:\WINNT\system32\fejvgfuj.dll
2007-12-03 11:29:41 71232 --a------ C:\WINNT\system32\eqvexjut.exe <Not Verified; ; DDC>
2007-12-02 15:31:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_33c.dat
2007-12-02 14:41:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_224.dat
2007-12-02 14:37:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_36c.dat
2007-12-02 14:27:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_364.dat
2007-12-02 11:46:43 76864 --a------ C:\WINNT\system32\ummqlxxa.dll
2007-12-02 11:31:41 71232 --a------ C:\WINNT\system32\lthbjdnk.exe <Not Verified; ; DDC>
2007-12-02 11:28:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-12-02 01:04:49 0 d-------- C:\Program Files\MSXML 4.0
2007-12-01 16:08:01 85056 --a------ C:\WINNT\system32\lccbprqh.dll
2007-12-01 16:03:29 78400 --a------ C:\WINNT\system32\vjtjecih.dll
2007-12-01 16:03:23 71232 --a------ C:\WINNT\system32\jghsxhob.exe <Not Verified; ; DDC>
2007-11-30 14:58:31 439707 --ahs---- C:\WINNT\system32\badgh.ini2
2007-11-30 14:57:27 324192 --a------ C:\WINNT\system32\hgdab.dll
2007-11-30 14:52:35 0 d-------- C:\WINNT\system32\mm6
2007-11-30 14:52:34 0 d-------- C:\WINNT\system32\hv2
2007-11-30 14:52:33 0 d-------- C:\WINNT\system32\ft21
2007-11-30 14:51:34 38912 --a------ C:\WINNT\system32\vtutqpq.dll
2007-11-30 14:51:30 38912 --a------ C:\WINNT\system32\mljifgf.dll
2007-11-30 14:49:46 0 d-------- C:\WINNT\system32\dr1
2007-11-30 14:49:06 0 d-------- C:\WINNT\system32\daSgo01
2007-11-30 14:49:05 0 d-------- C:\Temp
2007-11-30 12:28:11 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-11-29 17:48:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\FaxCtr
2007-11-29 17:25:34 0 d-------- C:\WINNT\system32\The Christmas Tree Free Version dir
2007-11-28 22:18:22 0 d-------- C:\Program Files\Lexmark Toolbar
2007-11-28 22:13:05 0 d-------- C:\Program Files\lx_cats
2007-11-28 22:09:04 45056 --a------ C:\WINNT\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2007-11-28 22:09:04 32768 --a------ C:\WINNT\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2007-11-28 22:08:44 12288 --a------ C:\WINNT\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2007-11-28 22:08:44 98345 --a------ C:\WINNT\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-11-28 22:08:43 339968 --a------ C:\WINNT\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-11-28 22:08:32 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-11-28 22:06:19 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-11-28 22:05:38 0 d-------- C:\Program Files\Lexmark 3400 Series
2007-11-28 22:04:03 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-11-28 22:02:58 274432 --a------ C:\WINNT\system32\lxcyinst.dll
2007-11-28 22:02:57 323584 --a------ C:\WINNT\system32\lxcyhcp.dll <Not Verified; ; Printer Communication System>
2007-11-28 16:23:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_210.dat
2007-11-28 10:26:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5d4.dat
2007-11-27 15:08:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-11-27 10:45:25 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_58c.dat
2007-11-27 00:48:07 0 d-------- C:\Program Files\Imikimi
2007-11-26 18:54:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2f4.dat
2007-11-26 18:52:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2007-11-25 19:36:12 0 d-------- C:\Program Files\MSN Games
2007-11-25 07:35:13 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5e0.dat
2007-11-22 03:43:59 0 d-------- C:\Program Files\Incomplete <INCOMP~1>
2007-11-21 14:48:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7b0.dat
2007-11-21 14:26:06 28672 --a------ C:\WINNT\system32\f3PSSavr.scr <Not Verified; FunWebProducts.com; Popular Screensavers>
2007-11-21 14:25:50 0 d-------- C:\Program Files\MyWebSearch
2007-11-21 14:24:12 0 d-------- C:\Program Files\FunWebProducts
2007-11-21 12:25:15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_574.dat
2007-11-21 09:27:26 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_5ec.dat
2007-11-21 00:29:24 0 d-------- C:\Documents and Settings\Administrator\Shared
2007-11-21 00:29:21 0 d-------- C:\Documents and Settings\Administrator\Incomplete <INCOMP~1>
2007-11-21 00:28:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-21 00:25:24 0 d-------- C:\Program Files\LimeWire
2007-11-20 17:54:02 0 --a------ C:\WINNT\nsreg.dat
2007-11-20 17:48:14 0 d-------- C:\My Music
2007-11-20 17:43:25 3424 --a------ C:\WINNT\mozver.dat
2007-11-20 17:43:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-11-20 17:43:09 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-20 17:40:45 0 d-------- C:\Program Files\Common Files\Real
2007-11-20 17:40:37 0 d-------- C:\Program Files\Real
2007-11-20 17:40:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-11-20 11:42:32 0 d-------- C:\WINNT\Downloaded Installations
2007-11-20 11:40:34 64512 --a------ C:\WINNT\system32\PTPITCP.dll <Not Verified; FotoNation Inc.; PTPIP Transport, Initiator>
2007-11-20 11:40:34 229376 --a------ C:\WINNT\system32\KPDPMUI.dll <Not Verified; Eastman Kodak Company; Kodak EasyShare printer>
2007-11-20 11:40:34 307200 --a------ C:\WINNT\system32\KPDPM.dll <Not Verified; Eastman Kodak Company; Kodak EasyShare printer>
2007-11-20 11:34:07 0 d-------- C:\WINNT\system32\BWKDLogs
2007-11-20 11:17:26 0 d-------- C:\Program Files\Common Files\Kodak
2007-11-20 11:15:19 0 d-------- C:\KPCMS
2007-11-20 11:14:58 0 d-------- C:\WINNT\system32\color
2007-11-20 11:06:10 0 d-------- C:\Program Files\Common Files\MSSoap
2007-11-20 10:50:36 0 d-------- C:\Program Files\Kodak
2007-11-20 10:49:01 0 d-------- C:\WINNT\Sun
2007-11-20 00:29:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\SpinTop
2007-11-18 16:20:33 0 d-------- C:\Program Files\Common Files\InstallShield
2007-11-18 16:20:15 0 d-a------ C:\Documents and Settings\All Users\Application Data\Napster
2007-11-18 10:19:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_208.dat
2007-11-18 05:22:13 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2007-11-17 22:12:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\MySpace
2007-11-17 22:11:51 0 d-------- C:\Program Files\MySpace
2007-11-17 22:07:05 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2007-11-17 22:07:01 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2007-11-17 22:06:13 208896 --a------ C:\WINNT\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-11-17 22:05:26 106496 --a------ C:\WINNT\system32\wmpasf.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-11-17 22:05:25 225280 --a------ C:\WINNT\system32\wmpdxm.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-11-17 22:04:26 52224 --a------ C:\WINNT\system32\mspmsnsv.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2007-11-17 14:03:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Motive
2007-11-17 12:40:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-17 11:49:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2007-11-17 11:48:37 43387 --a------ C:\WINNT\browser.exe <Not Verified; ; Compiled AutoIt Script>
2007-11-17 11:48:02 16848 -----n--- C:\WINNT\system32\Pcandis4.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-17 11:48:01 81920 -----n--- C:\WINNT\system32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-17 11:48:01 17162 -----n--- C:\WINNT\system32\Pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-11-17 11:47:58 0 d-a------ C:\Documents and Settings\All Users\Application Data\Motive
2007-11-17 11:47:40 0 d-------- C:\WINNT\Motive
2007-11-17 11:47:34 0 d-a------ C:\Program Files\Common Files\Motive
2007-11-17 11:46:42 0 d-a------ C:\Program Files\SBC Self Support Tool
2007-11-17 11:38:55 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-17 11:38:18 65536 --a------ C:\WINNT\system32\YCRWin32.dll <Not Verified; ; YCRWin32 Module>
2007-11-17 11:15:00 0 d-------- C:\Program Files\Yahoo!
2007-11-17 11:02:30 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_204.dat
2007-11-16 13:49:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_440.dat
2007-11-16 13:49:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_200.dat
2007-11-15 16:36:28 306688 --a------ C:\WINNT\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-11-15 16:36:28 0 d-------- C:\Program Files\BroadJump
2007-11-15 16:30:40 266240 -----n--- C:\WINNT\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2007-11-12 20:22:36 1092 --a------ C:\WINNT\system32\d3d8caps.dat
2007-11-12 19:12:44 0 d-------- C:\Program Files\SpongeBob SquarePants Krabby Quest
2007-11-12 19:00:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2007-11-12 16:43:04 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1ec.dat


-- Find3M Report ---------------------------------------------------------------

2007-12-04 17:14:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2007-12-03 10:28:48 1204 --a------ C:\WINNT\system32\d3d9caps.dat
2007-11-28 16:10:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2007-11-28 16:08:04 0 d-------- C:\Program Files\Google
2007-11-20 17:43:09 0 d-a------ C:\Program Files\Common Files
2007-11-01 23:28:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mind Control Software
2007-10-11 11:05:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\PlayFirst
2007-10-11 11:05:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-10-10 21:25:16 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_20c.dat
2007-10-10 21:20:14 0 d-------- C:\Program Files\Java
2007-10-10 21:15:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-10-10 21:15:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\NetMedia Providers
2007-10-10 21:15:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic Foundry
2007-10-10 21:10:22 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-10 21:06:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2007-10-10 21:00:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-10-10 20:59:24 0 d-------- C:\Program Files\RealVNC
2007-10-10 20:34:05 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-10 20:30:20 0 d-------- C:\Program Files\Common Files\Java
2007-10-10 20:30:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-10-10 06:23:00 0 d-ah----- C:\Program Files\WindowsUpdate
2007-10-10 00:30:14 0 d-------- C:\Program Files\Windows NT
2007-10-10 00:09:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-10-10 00:02:54 0 d-------- C:\Program Files\microsoft frontpage
2007-10-09 23:59:21 0 -rahs---- C:\MSDOS.SYS
2007-10-09 23:59:21 0 -rahs---- C:\IO.SYS
2007-10-09 23:59:21 0 ---h----- C:\CONFIG.SYS
2007-10-09 23:59:21 0 ---h----- C:\AUTOEXEC.BAT
2007-10-09 23:56:11 15012 --a------ C:\WINNT\system32\emptyregdb.dat
2007-10-09 19:15:33 0 d-------- C:\Program Files\Accessories
2007-10-09 19:05:42 0 d-a------ C:\Program Files\Common Files\ODBC


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{256784db-949b-4de7-973e-0b6b83c040a0}]
12/04/07 11:38a 79424 --a------ C:\WINNT\system32\ofssplcs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
11/30/07 02:51p 38912 --a------ C:\WINNT\system32\mljifgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{753B5D60-79EC-400A-826E-F254FF937695}]
C:\Program Files\Accessories\hosebujuvC:\WINNT\system32\hv2\swdrv83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87DEB5FE-7CC9-46D3-B128-67A1BAD2A886}]
11/30/07 02:57p 324192 --a------ C:\WINNT\system32\hgdab.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINNT\system32\rmtcrzis.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\rmtcrzis.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p C:\WINNT\system32\mobsync.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 12:11a]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/07 02:06a]
"avast!"="d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/07 04:06a]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/02 09:26p]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/06 04:19p]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/05 07:51a]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/20/07 05:40p]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [11/21/07 02:25p]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [11/21/07 02:25p]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [06/25/07 08:34a]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [06/25/07 08:34a]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [06/25/07 08:35a]
"LXCYCATS"="C:\WINNT\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [11/21/06 11:27a]
"ccfbda96"="C:\WINNT\system32\fmqyvwdk.dll" [12/04/07 11:38a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/07 05:43p]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/07 06:04p]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [11/21/07 02:25p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [9/17/2007 8:19:14 AM]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [8/17/2007 9:57:56 PM]
PowerReg Scheduler V3.exe [12/3/2007 9:08:41 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [11/17/2007 11:46:47 AM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [6/14/2006 11:11:40 PM]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2/13/2004 2:12:08 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [12/4/2007 5:35:35 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINNT\system32\mljifgf.dll [11/30/07 02:51p 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljifgf]
mljifgf.dll 11/30/07 02:51p 38912 C:\WINNT\system32\mljifgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rmtcrzis]
rmtcrzis.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\hgdab.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2007-12-04 18:43:19 ------------

Also here is the Activescan information.
Incident Status Location

Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\ad[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Findwhat
 

Post #2 (Discussion Starter)
I wanted to add that I was unable to attach the extra.txt because I am in safe mode, but here is the info it contained.
-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 190.23 MiB / 99.92 MiB
Pagefile Memory (total/avail): 2168.79 MiB / 2078.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 6 GiB total, 0.55 GiB free.
D: is Fixed (NTFS) - 6 GiB total, 3.47 GiB free.
E: is CDROM (CDFS)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - - 6.01 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 6 GiB - C:
 