Full Version: My computer is acting strange, please review my log file
Yeri
Hey guys. My computer recently started acting really weird. The internet is running slow and I keep getting popups. I also seem to have a keylogger. Also, I randomly get the BSOD and restart while I am using the internet. I am running the latest version of Firefox but the popups are in IE windows. This started about a week ago and I have since gotten Kaspersky internet protection, Ad-Aware, and Spybot and run full system scans. I have also turned off my system restore. The scans detected and fixed thousands of files. The problems have gotten better since, but the slow speed, popups, and the keylogging persist. I would appreciate it if you guys would read and analyze my HijackThis logfile.


Please help!

Thanks in advance,

Yeri.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:46 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\Explorer.EXE
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\heytisdont\Getemgood.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - C:\WINNT\system32\iifcbay.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3B659DC7-0C0D-71FD-0066-5D00CCC68BBF} - C:\WINNT\system32\mhwmmri.dll (file missing)
O2 - BHO: (no name) - {434942D5-73A4-4416-A867-2C75B860DED5} - C:\WINNT\system32\mljgg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC} - C:\Program Files\Common Files\larav89104.dll (file missing)
O2 - BHO: (no name) - {69B43BE9-3BFB-4169-889E-152B8E553FCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 0 - {88CDC589-7446-4A8F-0FB7-B3C8F357C18F} - C:\Program Files\Online Services\vikiv506.dll (file missing)
O2 - BHO: (no name) - {9714A10A-FBC6-4427-BA95-8409A403D1EF} - C:\WINNT\system32\urqomnl.dll (file missing)
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\GuardIE\PnIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: @C:\Program Files\GuardIE\PnIE.dll,-100 - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [Host Process] C:\WINNT\Fonts\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINNT\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\CURITY~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Wepsg] C:\WINNT\system32\A?pPatch\dllhost.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\gbsfgap.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1579b67930ebac003003/...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - file://D:\video@home\setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: iifcbay - iifcbay.dll (file missing)
O20 - Winlogon Notify: urqomnl - urqomnl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcc_device - - C:\WINNT\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 10825 bytes
LoPhatPhuud
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Yeri
OK, after I ran the combofix scan, a notepad file came out on my desktop called "catch me" and I'm assuming that's the log file for combofix. So here it is....


catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 13:52:31
Windows 5.1.2600 Service Pack 2

scanning processes ...

IPC error: 2 The system cannot find the file specified.
System [4]
C:\WINNT\system32\smss.exe [928] 0x8712AAD8
C:\WINNT\system32\csrss.exe [984] 0x86808DA0
C:\WINNT\system32\winlogon.exe [1008] 0x86825DA0
C:\WINNT\system32\services.exe [1052] 0x8737DC78
C:\WINNT\system32\lsass.exe [1072] 0x866FD020
C:\WINNT\system32\svchost.exe [1232] 0x867F5DA0
C:\WINNT\system32\svchost.exe [1280] 0x87155CA0
C:\WINNT\system32\svchost.exe [1408] 0x866AC020
C:\WINNT\system32\svchost.exe [1484] 0x86FCCDA0
C:\WINNT\system32\svchost.exe [1672] 0x86FBE6B0
C:\WINNT\system32\spoolsv.exe [1888] 0x86E77DA0
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [840] 0x86730880
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [852] 0x86822DA0
C:\WINNT\system32\dlcccoms.exe [880] 0x867008D0
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [960] 0x8672F5F0
C:\WINNT\system32\NMSSvc.Exe [1028] 0x87010DA0
C:\WINNT\system32\nvsvc32.exe [1700] 0x86FB2520
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [1120] 0x8700C900
C:\WINNT\system32\PnkBstrA.exe [1808] 0x86627880
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [1956] 0x866A3520
C:\WINNT\system32\ScsiAccess.EXE [160] 0x8663C880
C:\WINNT\system32\svchost.exe [224] 0x865F1DA0
C:\WINNT\wanmpsvc.exe [292] 0x8668E880
C:\WINNT\system32\alg.exe [2620] 0x864B4960
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [220] 0x8639E970
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2176] 0x86244960
C:\WINNT\system32\wscntfy.exe [2224] 0x85DE1DA0
C:\WINNT\system32\CF16107.exe [3588] 0x863FF020
C:\WINNT\system32\CF16107.exe [3168] 0x86694890
C:\WINNT\system32\CF16107.exe [1176] 0x85EDC120
C:\ComboFix\nircmd.cfexe [1568] 0x853CE530
C:\ComboFix\catchme.cfexe [3412] 0x858C6560
C:\ComboFix\sed.cfexe [2388] 0x85DD2AA0








And here's the new hijack this file...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30, on 2008-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\savedump.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINNT\system32\wuauclt.exe
F:\Program Files\heytisdont\Getemgood.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3B659DC7-0C0D-71FD-0066-5D00CCC68BBF} - C:\WINNT\system32\mhwmmri.dll (file missing)
O2 - BHO: (no name) - {434942D5-73A4-4416-A867-2C75B860DED5} - C:\WINNT\system32\mljgg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC} - C:\Program Files\Common Files\larav89104.dll (file missing)
O2 - BHO: (no name) - {69B43BE9-3BFB-4169-889E-152B8E553FCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 0 - {88CDC589-7446-4A8F-0FB7-B3C8F357C18F} - C:\Program Files\Online Services\vikiv506.dll (file missing)
O2 - BHO: (no name) - {9714A10A-FBC6-4427-BA95-8409A403D1EF} - (no file)
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\GuardIE\PnIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: @C:\Program Files\GuardIE\PnIE.dll,-100 - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINNT\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\CURITY~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Wepsg] C:\WINNT\system32\A?pPatch\dllhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1579b67930ebac003003/...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - file://D:\video@home\setup.exe
O20 - Winlogon Notify: iifcbay - iifcbay.dll (file missing)
O20 - Winlogon Notify: urqomnl - urqomnl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcc_device - - C:\WINNT\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 10292 bytes
LoPhatPhuud
Nope, that was not the ComboFix log I wanted. Post the contents of the file C:\Combofix.txt, as I listed in my previous post.
Yeri
OK, sorry it took so long but my computer kept restarting before ComboFix could finish. It finally worked this morning and the logfile was created. I also want to mention that now Kaspersky is giving me a message that says "keylogger detected, possible driver name is system32\Drivers\sk99202k.sys". I don't know where to find that file or how to appropriately get rid of it. Would you be able to help me with that?

Here's the combofix log...




ComboFix 08-03-27.3 - Owner 2008-03-28 22:48:15.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.571 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.
-- Script messages for sUBs --
Nircmd abortshutdown

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-27 18:08 . 2008-03-27 18:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Individual Software
2008-03-27 18:06 . 2008-03-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Individual Software
2008-03-27 18:06 . 1996-10-23 23:00 803,680 --a------ C:\WINNT\system32\AXDist.exe
2008-03-27 18:06 . 1999-05-05 09:32 286,480 --a------ C:\WINNT\system32\Olemsg32.dll
2008-03-27 18:06 . 2000-04-27 17:07 262,144 --a------ C:\WINNT\system32\Msrd2x35.dll
2008-03-27 18:06 . 1997-07-22 01:11 238,080 --a------ C:\WINNT\system32\Tx4ole.ocx
2008-03-27 18:06 . 1998-04-01 09:58 234,332 --a------ C:\WINNT\system32\Vssp_ae.dct
2008-03-27 18:06 . 1997-01-24 00:00 78,608 --a------ C:\WINNT\system32\Vb5db.dll
2008-03-27 18:06 . 1998-05-31 00:00 72,704 --a------ C:\WINNT\system32\Odbctl32.dll
2008-03-27 18:06 . 1996-12-11 00:00 46,080 --a------ C:\WINNT\system32\MCIWNDX.OCX
2008-03-27 18:06 . 1997-11-17 18:31 27,648 --a------ C:\WINNT\system32\Hh.exe
2008-03-27 18:06 . 1998-02-26 00:58 15,360 --a------ C:\WINNT\system32\BankTemplate.dll
2008-03-18 20:45 . 2008-03-18 20:45 <DIR> d-------- C:\Program Files\Google
2008-03-16 22:38 . 2008-03-16 22:38 1,367,144 ---hs---- C:\WINNT\system32\qibccpog.ini
2008-03-13 21:01 . 2007-12-06 19:21 6,066,176 --------- C:\WINNT\system32\dllcache\ieframe.dll
2008-03-13 21:01 . 2007-06-30 20:31 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2008-03-13 21:01 . 2007-06-30 20:36 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2008-03-13 21:01 . 2007-12-06 19:21 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2008-03-13 21:01 . 2007-12-06 19:21 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2008-03-13 21:01 . 2007-12-06 19:21 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2008-03-13 21:01 . 2007-12-06 19:21 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2008-03-13 21:01 . 2007-12-06 19:21 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2008-03-13 21:01 . 2007-12-06 04:00 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2008-03-13 16:52 . 2008-03-13 16:52 91,700 --a------ C:\WINNT\system32\drivers\klin.dat
2008-03-13 16:52 . 2008-03-13 16:52 85,860 --a------ C:\WINNT\system32\drivers\klick.dat
2008-03-13 16:48 . 2008-03-13 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-13 16:37 . 2008-03-29 09:07 8,286,240 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-03-13 16:37 . 2008-03-29 09:07 129,056 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-03-13 16:37 . 2008-03-28 23:29 113,048 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-03-13 16:37 . 2008-03-28 23:29 14,192 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-03-13 16:26 . 2008-03-13 16:26 <DIR> d-------- C:\kav
2008-03-13 16:17 . 2008-03-13 16:17 2,238 --a------ C:\WINNT\system32\GClogo_32x32.ico
2008-03-12 21:07 . 2008-03-12 21:07 9,662 --a------ C:\WINNT\system32\ZoneAlarmIconUS.ico
2008-03-12 12:21 . 2008-03-12 12:21 287 --a------ C:\WINNT\system32\MRT.INI
2008-03-12 12:17 . 2008-03-12 12:17 237 --a------ C:\440.bat
2008-03-09 17:50 . 2008-03-09 17:50 1,308,461 --ahs---- C:\WINNT\system32\cmcspaef.ini
2008-03-09 17:29 . 2008-03-09 17:29 490,496 --a------ C:\Documents and Settings\Owner\installer.exe
2008-03-09 16:47 . 2008-03-09 16:47 <DIR> d-------- C:\Program Files\nvcoi
2008-03-09 00:26 . 2003-01-13 16:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-09 00:26 . 2003-01-13 16:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-03-08 23:55 . 2008-03-29 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 23:53 . 2008-03-08 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-08 23:51 . 2008-03-09 17:50 1,308,401 --ahs---- C:\WINNT\system32\btpnlrka.ini
2008-03-08 16:41 . 2008-03-17 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 16:40 . 2008-03-08 16:40 40,960 --a------ C:\Documents and Settings\ANREW\f.exe
2008-03-08 16:39 . 2008-03-14 23:36 <DIR> d-------- C:\WINNT\system32\typ2
2008-03-08 16:39 . 2008-03-08 16:39 <DIR> d-------- C:\WINNT\system32\lows8
2008-03-08 16:39 . 2008-03-13 17:31 <DIR> d-------- C:\WINNT\system32\ech5
2008-03-08 16:39 . 2008-03-19 00:01 <DIR> d-------- C:\WINNT\system32\dr6
2008-03-08 13:55 . 2008-03-08 23:44 1,307,801 --ahs---- C:\WINNT\system32\dadrlocf.ini
2008-03-08 13:22 . 2008-03-08 13:50 1,307,621 --ahs---- C:\WINNT\system32\dobaeesj.ini
2008-03-08 01:35 . 2008-03-08 01:34 102,664 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2008-03-07 21:45 . 2008-03-07 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-07 21:41 . 2008-03-07 21:44 24 ---hs---- C:\WINNT\SAAA8821A.tmp
2008-03-07 13:34 . 2008-03-07 13:34 40,960 --a------ C:\Documents and Settings\Owner\f.exe
2008-03-07 13:34 . 2008-03-08 16:40 134 --a------ C:\n.bat
2008-03-07 13:33 . 2008-03-13 17:31 <DIR> d-------- C:\WINNT\system32\iDlo18
2008-03-07 13:10 . 2008-03-07 13:10 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-07 13:07 . 2008-03-12 12:17 <DIR> d--hs---- C:\Documents and Settings\Owner\Complete
2008-03-07 13:06 . 2008-03-07 13:06 147,456 --a------ C:\WINNT\system32\vbzip10.dll
2008-03-07 12:13 . 2008-03-07 12:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-07 12:12 . 2008-03-07 12:13 <DIR> d-------- C:\WINNT\system32\drivers\UMDF
2008-03-07 06:24 . 2008-03-07 06:24 97,216 --a------ C:\WINNT\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 01:56 --------- d-----w C:\Program Files\DAP
2008-03-28 01:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 05:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 04:27 --------- d-----w C:\Program Files\dl_Cats
2008-03-10 00:04 10 ----a-w C:\Program Files\.autoreg
2008-03-08 23:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 02:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-02-09 01:35 23,604 ----a-w C:\WINNT\system32\drivers\klopp.dat
2008-01-29 01:55 --------- d-----w C:\Documents and Settings\ANREW\Application Data\Apple Computer
2008-01-29 00:42 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
2007-12-11 02:54 65,664 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-06-19 12:39 1,581 -c--a-w C:\Program Files\INSTALL.LOG
2003-02-03 23:53 251,088 -c--a-w C:\Program Files\NSSetup.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22342B44-5B98-4B30-9D53-C182AD8DF217}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B659DC7-0C0D-71FD-0066-5D00CCC68BBF}]
C:\WINNT\system32\mhwmmri.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434942D5-73A4-4416-A867-2C75B860DED5}]
C:\WINNT\system32\mljgg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC}]
C:\Program Files\Common Files\larav89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B43BE9-3BFB-4169-889E-152B8E553FCF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88CDC589-7446-4A8F-0FB7-B3C8F357C18F}]
C:\Program Files\Online Services\vikiv506.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9714A10A-FBC6-4427-BA95-8409A403D1EF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [ ]
"Ltho"="C:\PROGRA~1\CURITY~1\csrss.exe" [ ]
"Wepsg"="C:\WINNT\system32\A?pPatch\dllhost.exe" [ ]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2004-07-12 16:50 4112384]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-07-13 17:19 95352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINNT\system32\msiexec.exe" [2005-03-21 15:00 78848]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINNT\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-06-20 16:37:02 113664]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-29 20:26:48 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcbay]
iifcbay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqomnl]
urqomnl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk
backup=C:\WINNT\pss\Beyond TV.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINNT\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a--c--- 2004-09-01 09:26 66672 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-07 06:26 1694656 F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]
C:\Documents and Settings\Owner\Application Data\Awola\Awola.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2005-11-15 13:12 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-01-18 11:50 11776 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINNT\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-07-12 16:50 843776 C:\WINNT\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--a------ 2006-03-28 12:14 90112 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--a------ 2006-03-30 13:34 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
C:\TV Capture Card\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\gbsfgap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-12-11 08:12 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Video@Home Scheduling Wizard]
C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINNT\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINNT\\system32\\dxdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Java\\j2re1.4.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"F:\\LimeWire\\LimeWire.exe"=
"F:\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"=
"F:\\EA SPORTS\\mvp2005.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"F:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"F:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINNT\\system32\\dlcccoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\programfiles\\kav\\kis\\setup.exe"=
"F:\\kav\\kis\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=

R0 sojubus;sojubus;C:\WINNT\system32\DRIVERS\sojubus.sys [2003-10-05 11:41]
R0 sojuscsi;sojuscsi;C:\WINNT\system32\DRIVERS\sojuscsi.sys [2003-09-28 11:57]
R2 713xTVCard;SAA7130 TV Card;C:\WINNT\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
R2 NMSSvc;Intel® NMS;C:\WINNT\System32\NMSSvc.exe [2002-05-03 11:36]
R2 PStrip;PStrip;C:\WINNT\system32\drivers\PStrip.sys [2001-07-23 16:31]
R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys [2000-06-06 09:29]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [2002-05-03 11:36]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S1 LIKECDN2;LIKECDN2;C:\WINNT\system32\DRIVERS\LIKECDN2.sys []
S1 msgpcc;msgpcc;C:\WINNT\system32\drivers\msgpcc.sys []
S3 Cap7134;Philips PCI Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys [2004-01-13 00:25]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PhTVTune;Philips TVTuner;C:\WINNT\system32\DRIVERS\PhTVTune.sys []

*Newly Created Service* - NMSCFG
*Newly Created Service* - NMSSVC
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 17:19:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-01-20 20:35:47 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2008-03-29 16:15:00 C:\WINNT\Tasks\McAfee.com Update Check (S0029453895-Maria).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-03-29 16:16:00 C:\WINNT\Tasks\McAfee.com Update Check (S0029453895-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-03-29 03:57:00 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 09:06:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-29 9:20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 16:19:56
Pre-Run: 11,869,335,552 bytes free
Post-Run: 11,832,442,880 bytes free
.
2008-03-12 19:21:23 --- E O F ---







and here's the new hijackthis log...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:02 AM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\heytisdont\Getemgood.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3B659DC7-0C0D-71FD-0066-5D00CCC68BBF} - C:\WINNT\system32\mhwmmri.dll (file missing)
O2 - BHO: (no name) - {434942D5-73A4-4416-A867-2C75B860DED5} - C:\WINNT\system32\mljgg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC} - C:\Program Files\Common Files\larav89104.dll (file missing)
O2 - BHO: (no name) - {69B43BE9-3BFB-4169-889E-152B8E553FCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 0 - {88CDC589-7446-4A8F-0FB7-B3C8F357C18F} - C:\Program Files\Online Services\vikiv506.dll (file missing)
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\GuardIE\PnIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: @C:\Program Files\GuardIE\PnIE.dll,-100 - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Ltho] "C:\PROGRA~1\CURITY~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Wepsg] C:\WINNT\system32\A?pPatch\dllhost.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1579b67930ebac003003/...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - file://D:\video@home\setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: iifcbay - iifcbay.dll (file missing)
O20 - Winlogon Notify: urqomnl - urqomnl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcc_device - - C:\WINNT\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 9989 bytes
LoPhatPhuud
The file, sk99202k.sys, is valid. This is a false positive for Kaspersky and you may want to report it to them. They did the same thing last year with sk99202k.exe. It happens, but better to be safe.


First:
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
C:\Program Files\Online Services\vikiv506.dll
C:\Program Files\nvcoi\nvcoi.exe
C:\PROGRA~1\CURITY~1\csrss.exe
C:\WINNT\system32\A?pPatch\dllhost.exe
C:\WINNT\system32\iifcbay.dll
C:\WINNT\system32\urqomnl.dll
C:\Documents and Settings\Owner\Application Data\Awola\Awola.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\gbsfgap.exe
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe

Folder::
C:\Program Files\nvcoi
C:\WINNT\system32\typ2
C:\WINNT\system32\lows8
C:\WINNT\system32\ech5
C:\WINNT\system32\dr6
C:\WINNT\system32\iDlo18
C:\WINNT\system32\A?pPatch
C:\Documents and Settings\Owner\Application Data\Awola
C:\Documents and Settings\Owner\Application Data\WinTouch

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22342B44-5B98-4B30-9D53-C182AD8DF217}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B659DC7-0C0D-71FD-0066-5D00CCC68BBF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434942D5-73A4-4416-A867-2C75B860DED5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B43BE9-3BFB-4169-889E-152B8E553FCF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88CDC589-7446-4A8F-0FB7-B3C8F357C18F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9714A10A-FBC6-4427-BA95-8409A403D1EF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvcoi"=-
"Ltho"=-
"Wepsg"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcbay]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqomnl]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Second:

Run HiJackThis again and post a new log in this thread.
Yeri
OK, I did what you said, here's the new combofix log followed by the new hijack this log...





ComboFix 08-03-27.3 - Owner 2008-03-29 12:19:21.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.626 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Owner\Application Data\Awola\Awola.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\gbsfgap.exe
C:\Documents and Settings\Owner\Application Data\WinTouch\WinTouch.exe
C:\PROGRA~1\CURITY~1\csrss.exe
C:\Program Files\nvcoi\nvcoi.exe
C:\Program Files\Online Services\vikiv506.dll
C:\WINNT\system32\iifcbay.dll
C:\WINNT\system32\urqomnl.dll
.
-- Script messages for sUBs --
Findstr -MIF:/ sursen

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\WINNT\system32\dr6
C:\WINNT\system32\ech5
C:\WINNT\system32\iDlo18
C:\WINNT\system32\lows8
C:\WINNT\system32\lows8\spgdn65.exe
C:\WINNT\system32\typ2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-27 18:08 . 2008-03-27 18:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Individual Software
2008-03-27 18:06 . 2008-03-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Individual Software
2008-03-27 18:06 . 1996-10-23 23:00 803,680 --a------ C:\WINNT\system32\AXDist.exe
2008-03-27 18:06 . 1999-05-05 09:32 286,480 --a------ C:\WINNT\system32\Olemsg32.dll
2008-03-27 18:06 . 2000-04-27 17:07 262,144 --a------ C:\WINNT\system32\Msrd2x35.dll
2008-03-27 18:06 . 1997-07-22 01:11 238,080 --a------ C:\WINNT\system32\Tx4ole.ocx
2008-03-27 18:06 . 1998-04-01 09:58 234,332 --a------ C:\WINNT\system32\Vssp_ae.dct
2008-03-27 18:06 . 1997-01-24 00:00 78,608 --a------ C:\WINNT\system32\Vb5db.dll
2008-03-27 18:06 . 1998-05-31 00:00 72,704 --a------ C:\WINNT\system32\Odbctl32.dll
2008-03-27 18:06 . 1996-12-11 00:00 46,080 --a------ C:\WINNT\system32\MCIWNDX.OCX
2008-03-27 18:06 . 1997-11-17 18:31 27,648 --a------ C:\WINNT\system32\Hh.exe
2008-03-27 18:06 . 1998-02-26 00:58 15,360 --a------ C:\WINNT\system32\BankTemplate.dll
2008-03-18 20:45 . 2008-03-18 20:45 <DIR> d-------- C:\Program Files\Google
2008-03-16 22:38 . 2008-03-16 22:38 1,367,144 ---hs---- C:\WINNT\system32\qibccpog.ini
2008-03-13 21:01 . 2007-12-06 19:21 6,066,176 --------- C:\WINNT\system32\dllcache\ieframe.dll
2008-03-13 21:01 . 2007-06-30 20:31 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2008-03-13 21:01 . 2007-06-30 20:36 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2008-03-13 21:01 . 2007-12-06 19:21 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2008-03-13 21:01 . 2007-12-06 19:21 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2008-03-13 21:01 . 2007-12-06 19:21 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2008-03-13 21:01 . 2007-12-06 19:21 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2008-03-13 21:01 . 2007-12-06 19:21 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2008-03-13 21:01 . 2007-12-06 04:00 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2008-03-13 16:52 . 2008-03-13 16:52 91,700 --a------ C:\WINNT\system32\drivers\klin.dat
2008-03-13 16:52 . 2008-03-13 16:52 85,860 --a------ C:\WINNT\system32\drivers\klick.dat
2008-03-13 16:48 . 2008-03-13 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-13 16:37 . 2008-03-29 14:35 8,442,144 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-03-13 16:37 . 2008-03-29 14:35 136,224 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-03-13 16:37 . 2008-03-29 12:27 114,992 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-03-13 16:37 . 2008-03-29 12:27 14,792 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-03-13 16:26 . 2008-03-13 16:26 <DIR> d-------- C:\kav
2008-03-13 16:17 . 2008-03-13 16:17 2,238 --a------ C:\WINNT\system32\GClogo_32x32.ico
2008-03-12 21:07 . 2008-03-12 21:07 9,662 --a------ C:\WINNT\system32\ZoneAlarmIconUS.ico
2008-03-12 12:21 . 2008-03-12 12:21 287 --a------ C:\WINNT\system32\MRT.INI
2008-03-12 12:17 . 2008-03-12 12:17 237 --a------ C:\440.bat
2008-03-09 17:50 . 2008-03-09 17:50 1,308,461 --ahs---- C:\WINNT\system32\cmcspaef.ini
2008-03-09 17:29 . 2008-03-09 17:29 490,496 --a------ C:\Documents and Settings\Owner\installer.exe
2008-03-09 00:26 . 2003-01-13 16:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-09 00:26 . 2003-01-13 16:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-03-08 23:55 . 2008-03-29 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 23:53 . 2008-03-08 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-08 23:51 . 2008-03-09 17:50 1,308,401 --ahs---- C:\WINNT\system32\btpnlrka.ini
2008-03-08 16:41 . 2008-03-17 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 16:40 . 2008-03-08 16:40 40,960 --a------ C:\Documents and Settings\ANREW\f.exe
2008-03-08 13:55 . 2008-03-08 23:44 1,307,801 --ahs---- C:\WINNT\system32\dadrlocf.ini
2008-03-08 13:22 . 2008-03-08 13:50 1,307,621 --ahs---- C:\WINNT\system32\dobaeesj.ini
2008-03-08 01:35 . 2008-03-08 01:34 102,664 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2008-03-07 21:45 . 2008-03-07 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-07 21:41 . 2008-03-07 21:44 24 ---hs---- C:\WINNT\SAAA8821A.tmp
2008-03-07 13:34 . 2008-03-07 13:34 40,960 --a------ C:\Documents and Settings\Owner\f.exe
2008-03-07 13:34 . 2008-03-08 16:40 134 --a------ C:\n.bat
2008-03-07 13:10 . 2008-03-07 13:10 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-07 13:07 . 2008-03-12 12:17 <DIR> d--hs---- C:\Documents and Settings\Owner\Complete
2008-03-07 13:06 . 2008-03-07 13:06 147,456 --a------ C:\WINNT\system32\vbzip10.dll
2008-03-07 12:13 . 2008-03-07 12:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-07 12:12 . 2008-03-07 12:13 <DIR> d-------- C:\WINNT\system32\drivers\UMDF
2008-03-07 06:24 . 2008-03-07 06:24 97,216 --a------ C:\WINNT\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 01:56 --------- d-----w C:\Program Files\DAP
2008-03-28 01:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 05:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 04:27 --------- d-----w C:\Program Files\dl_Cats
2008-03-10 00:04 10 ----a-w C:\Program Files\.autoreg
2008-03-08 23:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 02:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-02-09 01:35 23,604 ----a-w C:\WINNT\system32\drivers\klopp.dat
2008-01-29 01:55 --------- d-----w C:\Documents and Settings\ANREW\Application Data\Apple Computer
2008-01-29 00:42 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
2007-12-11 02:54 65,664 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-06-19 12:39 1,581 -c--a-w C:\Program Files\INSTALL.LOG
2003-02-03 23:53 251,088 -c--a-w C:\Program Files\NSSetup.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-03-29_ 9.17.32.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 05:58:17 16,384 -c--a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-29 20:29:19 16,384 -c--a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
- 2008-03-29 05:58:17 32,768 -c--a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-29 20:29:19 32,768 -c--a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-29 05:58:17 32,768 -c--a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-29 20:29:19 32,768 --sha-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-29 19:28:47 16,384 ----atw C:\WINNT\Temp\Perflib_Perfdata_3a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B659DC7-0C0D-71FD-0066-5D00CCC68BBF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434942D5-73A4-4416-A867-2C75B860DED5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B43BE9-3BFB-4169-889E-152B8E553FCF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88CDC589-7446-4A8F-0FB7-B3C8F357C18F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2004-07-12 16:50 4112384]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-07-13 17:19 95352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINNT\system32\msiexec.exe" [2005-03-21 15:00 78848]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINNT\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-06-20 16:37:02 113664]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-29 20:26:48 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcbay]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqomnl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk
backup=C:\WINNT\pss\Beyond TV.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINNT\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a--c--- 2004-09-01 09:26 66672 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-07 06:26 1694656 F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2005-11-15 13:12 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-01-18 11:50 11776 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINNT\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-07-12 16:50 843776 C:\WINNT\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--a------ 2006-03-28 12:14 90112 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--a------ 2006-03-30 13:34 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
C:\TV Capture Card\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-12-11 08:12 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Video@Home Scheduling Wizard]
C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINNT\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINNT\\system32\\dxdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Java\\j2re1.4.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"F:\\LimeWire\\LimeWire.exe"=
"F:\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"=
"F:\\EA SPORTS\\mvp2005.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"F:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"F:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINNT\\system32\\dlcccoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\programfiles\\kav\\kis\\setup.exe"=
"F:\\kav\\kis\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=

R0 sojubus;sojubus;C:\WINNT\system32\DRIVERS\sojubus.sys [2003-10-05 11:41]
R0 sojuscsi;sojuscsi;C:\WINNT\system32\DRIVERS\sojuscsi.sys [2003-09-28 11:57]
R2 713xTVCard;SAA7130 TV Card;C:\WINNT\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
R2 NMSSvc;Intel® NMS;C:\WINNT\System32\NMSSvc.exe [2002-05-03 11:36]
R2 PStrip;PStrip;C:\WINNT\system32\drivers\PStrip.sys [2001-07-23 16:31]
R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys [2000-06-06 09:29]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [2002-05-03 11:36]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S1 LIKECDN2;LIKECDN2;C:\WINNT\system32\DRIVERS\LIKECDN2.sys []
S1 msgpcc;msgpcc;C:\WINNT\system32\drivers\msgpcc.sys []
S3 Cap7134;Philips PCI Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys [2004-01-13 00:25]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PhTVTune;Philips TVTuner;C:\WINNT\system32\DRIVERS\PhTVTune.sys []

*Newly Created Service* - NMSCFG
*Newly Created Service* - NMSSVC
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 17:19:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-01-20 20:35:47 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2008-03-29 21:40:00 C:\WINNT\Tasks\McAfee.com Update Check (S0029453895-Maria).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-03-29 21:36:00 C:\WINNT\Tasks\McAfee.com Update Check (S0029453895-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-03-29 19:57:00 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 14:35:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
.
**************************************************************************
.
Completion time: 2008-03-29 14:41:12 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-03-29 21:41:05
ComboFix2.txt 2008-03-29 16:20:15
Pre-Run: 11,792,986,112 bytes free
Post-Run: 11,754,364,928 bytes free
.
2008-03-12 19:21:23 --- E O F ---















HIJACK THIS>>>>>>>>>>>>>>>>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:56 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\heytisdont\Getemgood.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\GuardIE\PnIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: @C:\Program Files\GuardIE\PnIE.dll,-100 - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1579b67930ebac003003/...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - file://D:\video@home\setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcc_device - - C:\WINNT\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 9048 bytes
LoPhatPhuud
First:
Please turn off Spybot S&D's Tea Timer. It's interfering with some of our fixes. You can turn it back on when we are finished.

Spybot TeaTimer
1) Run Spybot-S&D
2) Go to the Mode menu and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.


Second:
1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quotebox below into it:

QUOTE
KillAll::

File::
C:\WINNT\system32\cmcspaef.ini
C:\WINNT\system32\btpnlrka.ini
C:\WINNT\system32\dadrlocf.ini
C:\WINNT\system32\dobaeesj.ini
C:\Documents and Settings\ANREW\f.exe

Folder::
F:\Program Files\heytisdont

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B659DC7-0C0D-71FD-0066-5D00CCC68BBF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{434942D5-73A4-4416-A867-2C75B860DED5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63D41E8A-AEEC-4C76-BFDF-56894EFC9FEC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69B43BE9-3BFB-4169-889E-152B8E553FCF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88CDC589-7446-4A8F-0FB7-B3C8F357C18F}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcbay]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqomnl]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
Yeri
OK, here are the new ones...

ComboFix 08-03-27.3 - Owner 2008-03-30 20:53:19.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.606 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\ANREW\f.exe
C:\WINNT\system32\btpnlrka.ini
C:\WINNT\system32\cmcspaef.ini
C:\WINNT\system32\dadrlocf.ini
C:\WINNT\system32\dobaeesj.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\ANREW\f.exe
C:\WINNT\system32\btpnlrka.ini
C:\WINNT\system32\cmcspaef.ini
C:\WINNT\system32\dadrlocf.ini
C:\WINNT\system32\dobaeesj.ini
F:\Program Files\heytisdont
F:\Program Files\heytisdont\Getemgood.exe.exe
F:\Program Files\heytisdont\hijackthis.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-27 18:08 . 2008-03-27 18:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Individual Software
2008-03-27 18:06 . 2008-03-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Individual Software
2008-03-27 18:06 . 1996-10-23 23:00 803,680 --a------ C:\WINNT\system32\AXDist.exe
2008-03-27 18:06 . 1999-05-05 09:32 286,480 --a------ C:\WINNT\system32\Olemsg32.dll
2008-03-27 18:06 . 2000-04-27 17:07 262,144 --a------ C:\WINNT\system32\Msrd2x35.dll
2008-03-27 18:06 . 1997-07-22 01:11 238,080 --a------ C:\WINNT\system32\Tx4ole.ocx
2008-03-27 18:06 . 1998-04-01 09:58 234,332 --a------ C:\WINNT\system32\Vssp_ae.dct
2008-03-27 18:06 . 1997-01-24 00:00 78,608 --a------ C:\WINNT\system32\Vb5db.dll
2008-03-27 18:06 . 1998-05-31 00:00 72,704 --a------ C:\WINNT\system32\Odbctl32.dll
2008-03-27 18:06 . 1996-12-11 00:00 46,080 --a------ C:\WINNT\system32\MCIWNDX.OCX
2008-03-27 18:06 . 1997-11-17 18:31 27,648 --a------ C:\WINNT\system32\Hh.exe
2008-03-27 18:06 . 1998-02-26 00:58 15,360 --a------ C:\WINNT\system32\BankTemplate.dll
2008-03-18 20:45 . 2008-03-18 20:45 <DIR> d-------- C:\Program Files\Google
2008-03-16 22:38 . 2008-03-16 22:38 1,367,144 ---hs---- C:\WINNT\system32\qibccpog.ini
2008-03-13 21:01 . 2007-12-06 19:21 6,066,176 --------- C:\WINNT\system32\dllcache\ieframe.dll
2008-03-13 21:01 . 2007-06-30 20:31 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2008-03-13 21:01 . 2007-06-30 20:36 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2008-03-13 21:01 . 2007-12-06 19:21 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2008-03-13 21:01 . 2007-12-06 19:21 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2008-03-13 21:01 . 2007-12-06 19:21 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2008-03-13 21:01 . 2007-12-06 19:21 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2008-03-13 21:01 . 2007-12-06 19:21 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2008-03-13 21:01 . 2007-12-06 04:00 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2008-03-13 16:52 . 2008-03-13 16:52 91,700 --a------ C:\WINNT\system32\drivers\klin.dat
2008-03-13 16:52 . 2008-03-13 16:52 85,860 --a------ C:\WINNT\system32\drivers\klick.dat
2008-03-13 16:48 . 2008-03-13 16:48 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-03-13 16:37 . 2008-03-30 21:00 8,578,336 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2008-03-13 16:37 . 2008-03-30 20:59 143,392 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2008-03-13 16:37 . 2008-03-30 20:58 116,984 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
2008-03-13 16:37 . 2008-03-30 20:58 15,488 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
2008-03-13 16:26 . 2008-03-13 16:26 <DIR> d-------- C:\kav
2008-03-13 16:17 . 2008-03-13 16:17 2,238 --a------ C:\WINNT\system32\GClogo_32x32.ico
2008-03-12 21:07 . 2008-03-12 21:07 9,662 --a------ C:\WINNT\system32\ZoneAlarmIconUS.ico
2008-03-12 12:21 . 2008-03-12 12:21 287 --a------ C:\WINNT\system32\MRT.INI
2008-03-12 12:17 . 2008-03-12 12:17 237 --a------ C:\440.bat
2008-03-09 17:29 . 2008-03-09 17:29 490,496 --a------ C:\Documents and Settings\Owner\installer.exe
2008-03-09 00:26 . 2003-01-13 16:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-03-09 00:26 . 2003-01-13 16:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-03-08 23:55 . 2008-03-30 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-08 23:53 . 2008-03-08 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-08 16:41 . 2008-03-17 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-08 01:35 . 2008-03-08 01:34 102,664 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2008-03-07 21:45 . 2008-03-07 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-03-07 21:41 . 2008-03-07 21:44 24 ---hs---- C:\WINNT\SAAA8821A.tmp
2008-03-07 13:34 . 2008-03-07 13:34 40,960 --a------ C:\Documents and Settings\Owner\f.exe
2008-03-07 13:34 . 2008-03-08 16:40 134 --a------ C:\n.bat
2008-03-07 13:10 . 2008-03-07 13:10 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-03-07 13:07 . 2008-03-12 12:17 <DIR> d--hs---- C:\Documents and Settings\Owner\Complete
2008-03-07 13:06 . 2008-03-07 13:06 147,456 --a------ C:\WINNT\system32\vbzip10.dll
2008-03-07 12:13 . 2008-03-07 12:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-07 12:12 . 2008-03-07 12:13 <DIR> d-------- C:\WINNT\system32\drivers\UMDF
2008-03-07 06:24 . 2008-03-07 06:24 97,216 --a------ C:\WINNT\system32\drivers\AnyDVD.sys
2008-02-20 18:38 . 2008-02-20 18:39 <DIR> d-------- C:\Documents and Settings\Owner\CSET_CAT
2008-02-08 18:37 . 2008-02-08 18:37 219,664 --a------ C:\WINNT\system32\klogon.dll
2008-02-08 18:35 . 2008-02-08 18:35 23,604 --a------ C:\WINNT\system32\drivers\klopp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-28 01:56 --------- d-----w C:\Program Files\DAP
2008-03-28 01:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-17 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-15 05:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-15 04:27 --------- d-----w C:\Program Files\dl_Cats
2008-03-10 00:04 10 ----a-w C:\Program Files\.autoreg
2008-03-08 23:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-18 02:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-01-29 01:55 --------- d-----w C:\Documents and Settings\ANREW\Application Data\Apple Computer
2008-01-29 00:42 22,328 ----a-w C:\WINNT\system32\drivers\PnkBstrK.sys
2007-12-11 02:54 65,664 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-06-19 12:39 1,581 -c--a-w C:\Program Files\INSTALL.LOG
2003-02-03 23:53 251,088 -c--a-w C:\Program Files\NSSetup.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-03-29_ 9.17.32.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 05:58:17 16,384 -c--a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-31 03:23:45 16,384 -c--a-w C:\WINNT\system32\config\systemprofile\Cookies\index.dat
- 2008-03-29 05:58:17 32,768 -c--a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-31 03:23:45 32,768 -c--a-w C:\WINNT\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-29 05:58:17 32,768 -c--a-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-31 03:23:45 32,768 --sha-w C:\WINNT\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-31 03:59:19 16,384 ----atw C:\WINNT\Temp\Perflib_Perfdata_1dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2004-07-12 16:50 4112384]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-07-13 17:19 95352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINNT\system32\msiexec.exe" [2005-03-21 15:00 78848]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINNT\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-06-20 16:37:02 113664]
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-10-29 20:26:48 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Beyond TV.lnk
backup=C:\WINNT\pss\Beyond TV.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINNT\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINNT\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a--c--- 2004-09-01 09:26 66672 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-03-07 06:26 1694656 F:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2005-11-15 13:12 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 04:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a--c--- 2005-01-18 11:50 11776 C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINNT\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2004-07-12 16:50 843776 C:\WINNT\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--a------ 2006-03-28 12:14 90112 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
--a------ 2006-03-30 13:34 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
C:\TV Capture Card\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2004-12-11 08:12 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Video@Home Scheduling Wizard]
C:\Program Files\Ulead Systems\Ulead Video@Home 2.0\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINNT\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINNT\\system32\\dxdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Java\\j2re1.4.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"F:\\LimeWire\\LimeWire.exe"=
"F:\\EA SPORTS\\MVP Baseball 2004\\mvp2004.exe"=
"F:\\EA SPORTS\\mvp2005.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"F:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"F:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\WINNT\\system32\\dlcccoms.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"F:\\programfiles\\kav\\kis\\setup.exe"=
"F:\\kav\\kis\\setup.exe"=
"C:\\kav\\kis\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=

R0 sojubus;sojubus;C:\WINNT\system32\DRIVERS\sojubus.sys [2003-10-05 11:41]
R0 sojuscsi;sojuscsi;C:\WINNT\system32\DRIVERS\sojuscsi.sys [2003-09-28 11:57]
R2 713xTVCard;SAA7130 TV Card;C:\WINNT\system32\DRIVERS\SAA713x.sys [2005-03-15 12:00]
R2 NMSSvc;Intel® NMS;C:\WINNT\System32\NMSSvc.exe [2002-05-03 11:36]
R2 PStrip;PStrip;C:\WINNT\system32\drivers\PStrip.sys [2001-07-23 16:31]
R2 RioPNP;RioPNP;C:\WINNT\system32\drivers\RioPNP.sys [2000-06-06 09:29]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINNT\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINNT\system32\drivers\NMSCFG.SYS [2002-05-03 11:36]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S1 LIKECDN2;LIKECDN2;C:\WINNT\system32\DRIVERS\LIKECDN2.sys []
S1 msgpcc;msgpcc;C:\WINNT\system32\drivers\msgpcc.sys []
S3 Cap7134;Philips PCI Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys [2004-01-13 00:25]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 PhTVTune;Philips TVTuner;C:\WINNT\system32\DRIVERS\PhTVTune.sys []

*Newly Created Service* - NMSCFG
*Newly Created Service* - NMSSVC
.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 17:19:01 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2003-01-20 20:35:47 C:\WINNT\Tasks\ISP signup reminder 3.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
"2008-03-31 04:05:00 C:\WINNT\Tasks\McAfee.com Update Check (S0029453895-Maria).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-03-31 04:06:00 C:\WINNT\Tasks\McAfee.com Update Check (S0029453895-Owner).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.ex
- C:\PROGRA~1\McAfee.com\Agent
"2008-03-31 03:57:00 C:\WINNT\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:00:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-30 21:08:14 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-03-31 04:08:08
ComboFix2.txt 2008-03-29 21:41:17
ComboFix3.txt 2008-03-29 16:20:15
Pre-Run: 11,643,936,768 bytes free
Post-Run: 11,626,127,360 bytes free
.
2008-03-12 19:21:23 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:47 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\GuardIE\PnIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: @C:\Program Files\GuardIE\PnIE.dll,-100 - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1579b67930ebac003003/...ip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - file://D:\video@home\setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcc_device - - C:\WINNT\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 8962 bytes
LoPhatPhuud
We are almost there!

Run HiJackThis and press the 'Scan' button

When the scan is finished:
Check the following items in HijackThis.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1579b67930ebac003003/...ip/RdxIE601.cab

Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
Yeri
OK, got my fingers crossed, hope this one looks ok....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:45 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINNT\system32\dlcccoms.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINNT\system32\PnkBstrA.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\ScsiAccess.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\OWNER\Application Data\Mozilla\Profiles\default\5q7jpcyr.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PnIEBrowserHelperObj Class - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Updated.Toolbar - {9F6A22E6-1682-4F82-9B72-6314794CB253} - C:\Program Files\Pop Blocker\Updated.dll (file missing)
O3 - Toolbar: @C:\Program Files\GuardIE\PnIE.dll,-100 - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\Program Files\GuardIE\PnIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINNT\system32\msiexec.exe" /L*v C:\WINNT\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\GuardIE\PnIE.dll,-100 - {BDD75188-2FC0-4099-909F-AA8D432BE037} - C:\Program Files\GuardIE\PnIE.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - file://D:\video@home\setup.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: dlcc_device - - C:\WINNT\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 8587 bytes
LoPhatPhuud
Nice and clean. We're finished unless there are outstanding issues not reflected in your recent logs.
Yeri
Wow, thank you. My computer is pretty much back to normal. It's better than I thought it could ever be without reformatting and reinstalling. You have my eternal gratitude. I really appreciate all your help.


Please keep up the excellent work,


Talk to you later,


Yeri.