Solved: could not load the target dll error

Member with 99 posts.
 
Join Date: Jul 2005
Experience: Beginner
10-Nov-2007, 08:26 AM #1
Every time I start my comp this pops up:
Could not load the target dll ("C:\Program Files\BackWeb\BackWeb Client\6.1.0.170\Program\Backweb.dll",error code 126)

I don't know why it's popping up and if it's harming anything, but it's getting annoying and it seems to make my comp slower to load.
Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:18 AM, on 11/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe
O4 - HKCU\..\Policies\Explorer\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe
O4 - HKCU\..\Policies\Explorer\Run: [vqcgdwmwr.exe] C:\WINDOWS\system\vqcgdwmwr.exe
O4 - HKCU\..\Policies\Explorer\Run: [fxssrv] C:\WINDOWS\System32\fxssrv.exe
O4 - HKCU\..\Policies\Explorer\Run: [hnccdq.exe] C:\WINDOWS\system\hnccdq.exe
O4 - HKCU\..\Policies\Explorer\Run: [d3ddmd] C:\WINDOWS\System32\d3ddmd.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Policies\Explorer\Run: [d3ddmd] C:\WINDOWS\System32\d3ddmd.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-2822633028-2782116066-2207802854-500 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User '?')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186001047625
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_1_4_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\rLsmontr.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\rLsmontr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: hdafead - Unknown owner - C:\WINDOWS\system32\hdafead.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Microsoft DHCP Routing Client (services) - Unknown owner - C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\MSSvc.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.pageproducer.com/users/jfan/av19.gif
O24 - Desktop Component 1: (no name) - http://friendpages.com/pages/k12stud...rl/photo20.jpg
O24 - Desktop Component 10: (no name) - http://mi.bpcdn.us/graphics22/Dancer-10.gif
O24 - Desktop Component 11: (no name) - http://mi.bpcdn.us/graphics22/Dancer-11.gif
O24 - Desktop Component 12: (no name) - http://mi.bpcdn.us/Blacklatin77/headshotbrick.jpg
O24 - Desktop Component 13: (no name) - http://groups.msn.com/_Secure/0YgDLAsIcHqw9lX*R88uVDMATSpnAZG8B*qOCPrvwbCBlXQCcwaO3mIF3YMKpPtW1jCCdH2IGBddQ6Ke4Hm2a3ZLfya0pt0iKsvw02dceu7XaL1PziHMj0Dt1hls80K!3mndnZXks2NgvanhrPcPx!g/Anybody%20feelin'%20freaky.gif?dc=4675432102092549345
O24 - Desktop Component 14: (no name) - http://us.f1.yahoofs.com/groups/g_91...mlVX_AapOFh5es
O24 - Desktop Component 15: (no name) - http://groups.msn.com/isapi/fetch.dl...umEPQA9ADAAKQA
O24 - Desktop Component 16: (no name) - http://home.wanadoo.nl/m.longfur/balopmekop.gif
O24 - Desktop Component 17: (no name) - http://groups.msn.com/_Secure/0UADOA...30161427006715
O24 - Desktop Component 18: (no name) - http://www.angelfire.com/crazy2/lilb...ilver11_1_.gif
O24 - Desktop Component 19: (no name) - http://friendpages.com/pages/music/a...s2/photo40.jpg
O24 - Desktop Component 2: (no name) - http://pnavy.com/ultimatefansite/alb...grug.thumb.gif
O24 - Desktop Component 20: (no name) - http://members.aol.com/mzdeeeliteful...s/razbbump.gif
O24 - Desktop Component 21: (no name) - http://members.aol.com/mzdeeeliteful...marionbump.gif
O24 - Desktop Component 22: (no name) - http://members.aol.com/mzdeeeliteful...upgotstabe.gif
O24 - Desktop Component 23: (no name) - http://groups.msn.com/_Secure/0RQDPA...38782741005191
O24 - Desktop Component 24: (no name) - http://members.aol.com/b2kpleasure/images/jboogbump.gif
O24 - Desktop Component 25: (no name) - http://members.aol.com/b2kpleasure/i...oggotstabe.gif
O24 - Desktop Component 26: (no name) - http://www.pageproducer.com/users/tst/jboog_ag.gif
O24 - Desktop Component 27: (no name) - http://www.geocities.com/jewelsdollies/beach3rd.gif
O24 - Desktop Component 28: (no name) - http://friendpages.com/pages/music/m3lan13kd/photo8.jpg
O24 - Desktop Component 3: (no name) - http://pnavy.com/ultimatefansite/alb...02/boogbed.gif
O24 - Desktop Component 4: (no name) - http://www.pageproducer.com/users/ic...portj-boog.gif
O24 - Desktop Component 5: (no name) - http://www.pageproducer.com/users/unlimitedb2k/ani4.gif
O24 - Desktop Component 6: (no name) - http://www.pageproducer.com/users/lo...e/cuteanim.gif
O24 - Desktop Component 7: (no name) - http://www.pageproducer.com/users/tst/fizz-cbs.gif
O24 - Desktop Component 8: (no name) - http://www.tugstreetteam.com/images/buttons/banner1.gif
O24 - Desktop Component 9: (no name) - http://www.angelfire.com/music4/boot...rlemshaker.gif

--
End of file - 13288 bytes


Please help
Moderator & Malware Removal Specialist with 80,169 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
10-Nov-2007, 11:06 PM #2
You're infected............

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/supe....html?rid=3132


Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me with a new Hijack This log.
__________________
Microsoft MVP - Consumer Security
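The moderator's verdict above is drawn from a handful of HJT line patterns: autostarts planted under Policies\Explorer\Run, a service binary living in C:\RECYCLER, "Unknown owner" services, and O20/O23 entries whose file is already gone. The script below is an added example (not code from the thread, from HijackThis, or from SUPERAntiSpyware) that encodes those patterns as triage rules and runs them over lines excerpted from the log posted in the first post, and also decodes the "error code 126" in the original complaint, which is the Win32 value ERROR_MOD_NOT_FOUND from winerror.h (the DLL or one of its dependencies cannot be found). The rule set and the error-code table are assumptions chosen for this example; the rules are leads for a human to check, not a malware verdict.

```python
"""Triage helpers for a HijackThis (HJT) log and for the
'Could not load the target dll' message.  Added example; the rules are
heuristics chosen here, not HijackThis or SUPERAntiSpyware logic."""
import re

# Win32 system error codes (winerror.h) that a failed DLL load surfaces.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND: the DLL path itself does not exist",
    5: "ERROR_ACCESS_DENIED: the file exists but cannot be read",
    126: "ERROR_MOD_NOT_FOUND: the DLL or one of its import dependencies is missing",
    193: "ERROR_BAD_EXE_FORMAT: the file is not a valid Win32 image",
}

# The message quoted in the first post, used as sample input.
SAMPLE_ERROR = (r'Could not load the target dll ("C:\Program Files\BackWeb\BackWeb Client'
                r'\6.1.0.170\Program\Backweb.dll",error code 126)')

LOADDLL_MSG = re.compile(
    r'Could not load the target dll \("?(?P<path>[^",]+)"?\s*,\s*error code (?P<code>\d+)\)',
    re.IGNORECASE)


def explain_dll_error(message):
    """Pull the DLL path and Win32 error code out of the message; None if no match."""
    m = LOADDLL_MSG.search(message)
    if not m:
        return None
    code = int(m.group("code"))
    return {"path": m.group("path"), "code": code,
            "meaning": WIN32_ERRORS.get(code, "unrecognised Win32 error code")}


# Excerpt of the HJT log posted in the thread; the two AVG lines are benign controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe
O4 - HKCU\..\Policies\Explorer\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\rLsmontr.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Microsoft DHCP Routing Client (services) - Unknown owner - C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\MSSvc.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# An HJT line is "<section> - <body>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


def suspicious_reasons(line):
    """Return the triage rules a single HJT line trips (empty list if none)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    low = body.lower()
    reasons = []
    # Policies\Explorer\Run autostarts are almost never written by legitimate installers.
    if section == "O4" and "policies\\explorer\\run" in low:
        reasons.append("autostart via Policies\\Explorer\\Run, a key legitimate installers rarely use")
    # Nothing legitimate runs out of the Recycle Bin directory.
    if "\\recycler\\" in low:
        reasons.append("program lives inside the Recycle Bin directory")
    # Services whose binary has no company string deserve a second look.
    if section == "O23" and "unknown owner" in low:
        reasons.append("service binary carries no company/publisher string")
    # Winlogon Notify DLLs and services pointing at vanished files: orphaned or self-deleting loaders.
    if section in ("O20", "O23") and "(file missing)" in low:
        reasons.append("%s entry points at a file that no longer exists" % section)
    # %SystemRoot%\system (not system32) is the 16-bit directory; modern autostarts rarely live there.
    if "\\windows\\system\\" in low:
        reasons.append("executable in the 16-bit Windows\\system directory, an unusual home for an autostart")
    return reasons


def triage(log_text):
    """Run every line of an HJT log through the rules; returns [(line, reasons), ...]."""
    findings = []
    for raw in log_text.splitlines():
        reasons = suspicious_reasons(raw)
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    info = explain_dll_error(SAMPLE_ERROR)
    print("DLL load failure: %s -> %d, %s" % (info["path"], info["code"], info["meaning"]))
    for line, reasons in triage(SAMPLE_LOG):
        print("\n" + line)
        for r in reasons:
            print("   - " + r)
```

Run against the excerpt, the five non-AVG lines each trip at least one rule while both AVG lines pass clean; pointing `triage()` at the full log from the first post additionally surfaces the remaining Policies\Explorer\Run entries and the other "file missing" services. Error 126 on the BackWeb DLL is a dependency-resolution failure, which is why the message keeps reappearing at every logon until the stale autostart that references it is removed.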
Member with 99 posts.
 
Join Date: Jul 2005
Experience: Beginner
13-Nov-2007, 01:27 PM #3
Thanks for your help!! Sorry I took so long to get back here, but I'm doing it now!
Moderator & Malware Removal Specialist with 80,169 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
13-Nov-2007, 10:11 PM #4
Member with 99 posts.
 
Join Date: Jul 2005
Experience: Beginner
14-Nov-2007, 12:11 AM #5
Oh my! I just came back to my comp and I see that the scan was still going after 10 hours! I had to stop it so someone can use the comp, and I will start it tomorrow morn before I go to help my sis at her job so it will be able to go the full amount of time it needs to.
Sorry for my horrible delay.
Moderator & Malware Removal Specialist with 80,169 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
14-Nov-2007, 07:27 PM #6
That's quite alright.
Member with 99 posts.
 
Join Date: Jul 2005
Experience: Beginner
15-Nov-2007, 08:57 AM #7
Here ya go!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2007 at 08:09 PM

Application Version : 3.9.1008

Core Rules Database Version : 3343
Trace Rules Database Version: 1344

Scan type : Complete Scan
Total Scan Time : 11:04:07

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 5792
Registry threats detected : 160
File items scanned : 264864
File threats detected : 167

Adware.MyWay
HKLM\Software\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\InprocServer32
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\InprocServer32#ThreadingModel
HKCR\CLSID\{04079851-5845-4DEA-848C-3ECD647AA554}\Programmable
C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL
HKLM\Software\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
HKLM\Software\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\TypeLib
HKCR\MyWayToolBar.NetscapeShutdown
HKCR\MyWayToolBar.NetscapeShutdown\CLSID
HKCR\MyWayToolBar.NetscapeShutdown\CurVer
HKCR\MyWayToolBar.NetscapeShutdown.1
HKCR\MyWayToolBar.NetscapeShutdown.1\CLSID
HKCR\MyWayToolBar.NetscapeStartup
HKCR\MyWayToolBar.NetscapeStartup\CLSID
HKCR\MyWayToolBar.NetscapeStartup\CurVer
HKCR\MyWayToolBar.NetscapeStartup.1
HKCR\MyWayToolBar.NetscapeStartup.1\CLSID
HKCR\MyWayToolBar.SettingsPlugin
HKCR\MyWayToolBar.SettingsPlugin\CLSID
HKCR\MyWayToolBar.SettingsPlugin\CurVer
HKCR\MyWayToolBar.SettingsPlugin.1
HKCR\MyWayToolBar.SettingsPlugin.1\CLSID
HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}
HKCR\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}\InProcServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version
HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall#UrlInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant#UrlInfoAbout
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122878.DLL

Adware.SafeSurfing Variant
HKLM\Software\Classes\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}\InprocServer32
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}\InprocServer32#ThreadingModel
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}\ProgID
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}\Programmable
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}\TypeLib
HKCR\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\VBRUNDLL.DLL

Adware.MyGlobalSearchBar
HKLM\Software\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\Programmable
HKCR\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\TypeLib
C:\PROGRAM FILES\MYGLOBALSEARCH\BAR\1.BIN\MGSBAR.DLL
HKLM\Software\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\InprocServer32#ThreadingModel
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\Programmable
HKCR\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\TypeLib

Trojan.Search Variant
HKLM\Software\Classes\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\Implemented Categories
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\InprocServer32
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\InprocServer32#ThreadingModel
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\ProgID
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\Programmable
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\TypeLib
HKCR\CLSID\{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F}\VersionIndependentProgID
C:\PROGRAM FILES\MAXIFILES\MAXIFILES.DLL

Trojan.ca Module
HKLM\Software\Classes\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}\InprocServer32
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}\InprocServer32#ThreadingModel
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}\ProgID
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}\Programmable
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}\TypeLib
HKCR\CLSID\{B5F3970B-745E-46AC-B890-E08F69777D80}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\CA2.DLL

Adware.Yuupsearch
HKLM\Software\Classes\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\InprocServer32
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\InprocServer32#ThreadingModel
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\ProgID
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\Programmable
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\TypeLib
HKCR\CLSID\{BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408}\VersionIndependentProgID
C:\PROGRA~1\MAXIFI~1\MAXIFI~1.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cbs.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.labpixies[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partner2profit[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@112.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adopt.euroclick[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adrevolver[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.as4x.tmcs.ticketmaster[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.labpixies[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.revsci[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.sfomedia[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ads.supload[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adserver.cams[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adserver[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@anad.tacoda[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@anat.tacoda[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@as-us.falkag[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@best-pornotube-videos.blogspot[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@bluestreak[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@burstnet[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@buzznet.112.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@casalemedia[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@clicksor[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.hitslink[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@devart.adbureau[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@e-2dj6wfmiqodpmbp.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@e-2dj6wfmiuhd5iho.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@e-2dj6wgmyumd5clq.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@e-2dj6wjloencjwgp.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@e-2dj6wjnygmdjcbp.stats.esomniture[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@e2itg.pbteen[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@edge.ru4[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-allergybuyersclub.hitbox[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-hollywood.hitbox[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-newyorkpost.hitbox[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-vmixmediainc.hitbox[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@h.starware[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@image.masterstats[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@kanoodle[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@media.adrevolver[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaonenetwork[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaplex[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@mediaservers.vtc[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@metacafe.122.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@overture[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@pbteen[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@pornotubebabes[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@pornotube[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@questionmarket[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@realmedia[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@redorbit[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@rotator.adjuggler[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@sales.liveperson[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@sixapart.adbureau[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statcounter[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statcounter[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@stats[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tacoda[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@trafficmp[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@try.starware[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@view.atdmt[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@vmix.adbureau[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.49media[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.burstbeacon[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.burstnet[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.midtenmedia[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@www.smartadserver[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@xiti[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@yieldmanager[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@zedo[2].txt

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.IST/ISTBar (Slotch Bar)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest

HSRB Module BHO
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\HIJACKTHIS\BACKUPS\BACKUP-20050714-165730-152.DLL
C:\WINDOWS\SYSTEM32\HSRB.DLL

Adware.DelFin Project/PromulGate
C:\PROGRAM FILES\PEDEVICE\PEDEV.DLL

Trojan.SERVICES
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122717.EXE

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122816.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124358.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124376.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124378.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124398.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124405.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124410.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124411.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124418.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124422.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124430.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124431.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124432.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124433.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124434.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124435.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124436.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124437.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124438.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124439.EXE

Adware.WeirdOnTheWeb
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122818.EXE

Adware.eXact Advertising
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122875.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124402.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124403.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124406.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124407.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124420.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124421.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124424.VXD
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124425.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124427.DLL

Adware.Media Pass
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122895.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0122897.EXE

Adware.EliteBar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124355.DLL

SIDEBDD.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124368.EXE

Unclassified.Novopops
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124377.DLL

Adware.Spyware Labs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124379.EXE

Adware.DealHelper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124396.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124419.EXE

Unclassified.MSW
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124397.EXE

Adware.CasinoClient
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124409.EXE

Adware.Direct Revenue
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124415.EXE

Adware.IE Plugin Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124416.DLL

Browser Hijacker.Begin2Search
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124426.DLL

Adware.ABetterInternet/Emissary
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22259DD-0682-4FF2-8563-2793E2342647}\RP187\A0124429.EXE

Adware.CouponAge
C:\WINDOWS\SYSTEM32\CACORE.DLL
C:\WINDOWS\SYSTEM32\CARULES.DLL

Adware.MSMC
C:\WINDOWS\SYSTEM32\MSDIOO.EXE
tiera
Member with 99 posts.
Join Date: Jul 2005
Experience: Beginner
15-Nov-2007, 08:58 AM #8
And here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:25 AM, on 11/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe
O4 - HKCU\..\Policies\Explorer\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe
O4 - HKCU\..\Policies\Explorer\Run: [vqcgdwmwr.exe] C:\WINDOWS\system\vqcgdwmwr.exe
O4 - HKCU\..\Policies\Explorer\Run: [fxssrv] C:\WINDOWS\System32\fxssrv.exe
O4 - HKCU\..\Policies\Explorer\Run: [hnccdq.exe] C:\WINDOWS\system\hnccdq.exe
O4 - HKCU\..\Policies\Explorer\Run: [d3ddmd] C:\WINDOWS\System32\d3ddmd.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-2822633028-2782116066-2207802854-500 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User '?')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186001047625
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_1_4_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\rLsmontr.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\rLsmontr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: hdafead - Unknown owner - C:\WINDOWS\system32\hdafead.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Microsoft DHCP Routing Client (services) - Unknown owner - C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\MSSvc.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.pageproducer.com/users/jfan/av19.gif
O24 - Desktop Component 1: (no name) - http://friendpages.com/pages/k12stud...rl/photo20.jpg
O24 - Desktop Component 10: (no name) - http://mi.bpcdn.us/graphics22/Dancer-10.gif
O24 - Desktop Component 11: (no name) - http://mi.bpcdn.us/graphics22/Dancer-11.gif
O24 - Desktop Component 12: (no name) - http://mi.bpcdn.us/Blacklatin77/headshotbrick.jpg
O24 - Desktop Component 13: (no name) - http://groups.msn.com/_Secure/0YgDLAsIcHqw9lX*R88uVDMATSpnAZG8B*qOCPrvwbCBlXQCcwaO3mIF3YMKpPtW1jCCdH2IGBddQ6Ke4Hm2a3ZLfya0pt0iKsvw02dceu7XaL1PziHMj0Dt1hls80K!3mndnZXks2NgvanhrPcPx!g/Anybody%20feelin'%20freaky.gif?dc=4675432102092549345
O24 - Desktop Component 14: (no name) - http://us.f1.yahoofs.com/groups/g_91...mlVX_AapOFh5es
O24 - Desktop Component 15: (no name) - http://groups.msn.com/isapi/fetch.dl...umEPQA9ADAAKQA
O24 - Desktop Component 16: (no name) - http://home.wanadoo.nl/m.longfur/balopmekop.gif
O24 - Desktop Component 17: (no name) - http://groups.msn.com/_Secure/0UADOA...30161427006715
O24 - Desktop Component 18: (no name) - http://www.angelfire.com/crazy2/lilb...ilver11_1_.gif
O24 - Desktop Component 19: (no name) - http://friendpages.com/pages/music/a...s2/photo40.jpg
O24 - Desktop Component 2: (no name) - http://pnavy.com/ultimatefansite/alb...grug.thumb.gif
O24 - Desktop Component 20: (no name) - http://members.aol.com/mzdeeeliteful...s/razbbump.gif
O24 - Desktop Component 21: (no name) - http://members.aol.com/mzdeeeliteful...marionbump.gif
O24 - Desktop Component 22: (no name) - http://members.aol.com/mzdeeeliteful...upgotstabe.gif
O24 - Desktop Component 23: (no name) - http://groups.msn.com/_Secure/0RQDPA...38782741005191
O24 - Desktop Component 24: (no name) - http://members.aol.com/b2kpleasure/images/jboogbump.gif
O24 - Desktop Component 25: (no name) - http://members.aol.com/b2kpleasure/i...oggotstabe.gif
O24 - Desktop Component 26: (no name) - http://www.pageproducer.com/users/tst/jboog_ag.gif
O24 - Desktop Component 27: (no name) - http://www.geocities.com/jewelsdollies/beach3rd.gif
O24 - Desktop Component 28: (no name) - http://friendpages.com/pages/music/m3lan13kd/photo8.jpg
O24 - Desktop Component 3: (no name) - http://pnavy.com/ultimatefansite/alb...02/boogbed.gif
O24 - Desktop Component 4: (no name) - http://www.pageproducer.com/users/ic...portj-boog.gif
O24 - Desktop Component 5: (no name) - http://www.pageproducer.com/users/unlimitedb2k/ani4.gif
O24 - Desktop Component 6: (no name) - http://www.pageproducer.com/users/lo...e/cuteanim.gif
O24 - Desktop Component 7: (no name) - http://www.pageproducer.com/users/tst/fizz-cbs.gif
O24 - Desktop Component 8: (no name) - http://www.tugstreetteam.com/images/buttons/banner1.gif
O24 - Desktop Component 9: (no name) - http://www.angelfire.com/music4/boot...rlemshaker.gif

--
End of file - 13511 bytes
Cheeseball81
Moderator & Malware Removal Specialist with 80,169 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
15-Nov-2007, 05:49 PM #9
Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • ...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
tiera
Member with 99 posts.
Join Date: Jul 2005
Experience: Beginner
16-Nov-2007, 01:21 AM #10
Here's the Combat log

ComboFix 07-11-08.1 - Administrator 2007-11-15 20:09:26.1 - NTFSx86

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\FunWebProducts
C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data\Administrator\avatar.dat
C:\Documents and Settings\Administrator\Application Data\FunWebProducts\Data\Administrator\register.dat
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\8WMXL6EZ\www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\8WMXL6EZ\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\8WMXL6EZ\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\uninstall information
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\pedevice
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\Downloader.exe
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\PeDev.exe
C:\Program Files\pedevice\pedevPS.dll
C:\Program Files\pedevice\Preparation.dll
C:\Program Files\pedevice\search.watchlist.txt
C:\WINDOWS\mscore.dll
C:\WINDOWS\system32\guard.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\LEGACY_SERVICES
-------\iprip
-------\services


((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-15 19:59 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 20:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Netscape
2007-11-13 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-13 10:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-13 10:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-13 10:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-10 06:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-03 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
2007-10-29 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-10-29 15:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-10-29 14:55 88 -r-hs---- C:\WINDOWS\system32\3FDE45360F.sys
2007-10-28 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2007-10-28 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 01:59 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-11-12 16:16 --------- d-----w C:\Program Files\mIRC
2007-11-10 14:33 --------- d-----w C:\Program Files\iLumina2
2007-10-29 21:35 --------- d-----w C:\Program Files\Corel
2007-10-29 20:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Corel
2007-10-29 20:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Netscape
2007-10-29 19:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-02 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-09-29 05:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-09-27 19:14 --------- d-----w C:\Program Files\QuickTime
2007-09-27 19:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-27 19:09 --------- d-----w C:\Program Files\Apple Software Update
2007-09-27 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 21:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 21:49 --------- d-----w C:\Program Files\Electronic Arts
2007-09-21 15:06 --------- d-----w C:\Program Files\Coupons
2007-09-20 14:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\XnView
2007-07-01 23:30:54 56 --sh--r C:\WINDOWS\system32\0F3645DE3F.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-07-03 21:33]
"POINTER"="point32.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 16:19]
"nwiz"="nwiz.exe" [2003-07-28 16:19 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 10:59]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 05:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 05:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-23 12:09]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 16:19]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-09-14 18:06]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [2002-09-16 21:57:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Paint.exe]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Paint.exe
backup=C:\WINDOWS\pss\Paint.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVSCQgaSrv.exe]
C:\WINDOWS\LVSCQgaSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mp4sdmod]
C:\WINDOWS\System32\mp4sdmod.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
c:\PROGRA~1\NORTON~1\navapw32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\94e4697f-d456-4e5c-9385-f88be9d6cdee]
C:\WINDOWS\System32\bxrqcmc.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 19:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-11-13 02:23:45 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- c:\PROGRA~1\NORTON~1\NAVW32.exe
"2005-02-04 22:38:16 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 22:31:05
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-15 22:39:07 - machine was rebooted
.
--- E O F ---
tiera
Member with 99 posts.
Join Date: Jul 2005
Experience: Beginner
16-Nov-2007, 01:22 AM #11
Here's Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:28 PM, on 11/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShowIcon_KYE Electronics Corp._USB Storage R/W v1.14e057] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE Electronics Corp.\USB Storage R/W v1.14e057"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe
O4 - HKCU\..\Policies\Explorer\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe
O4 - HKCU\..\Policies\Explorer\Run: [vqcgdwmwr.exe] C:\WINDOWS\system\vqcgdwmwr.exe
O4 - HKCU\..\Policies\Explorer\Run: [fxssrv] C:\WINDOWS\System32\fxssrv.exe
O4 - HKCU\..\Policies\Explorer\Run: [hnccdq.exe] C:\WINDOWS\system\hnccdq.exe
O4 - HKCU\..\Policies\Explorer\Run: [d3ddmd] C:\WINDOWS\System32\d3ddmd.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-2822633028-2782116066-2207802854-500 Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe (User '?')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1186001047625
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yaho...bio5_1_4_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: hdafead - Unknown owner - C:\WINDOWS\system32\hdafead.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.pageproducer.com/users/jfan/av19.gif
O24 - Desktop Component 1: (no name) - http://friendpages.com/pages/k12stud...rl/photo20.jpg
O24 - Desktop Component 10: (no name) - http://mi.bpcdn.us/graphics22/Dancer-10.gif
O24 - Desktop Component 11: (no name) - http://mi.bpcdn.us/graphics22/Dancer-11.gif
O24 - Desktop Component 12: (no name) - http://mi.bpcdn.us/Blacklatin77/headshotbrick.jpg
O24 - Desktop Component 13: (no name) - http://groups.msn.com/_Secure/0YgDLAsIcHqw9lX*R88uVDMATSpnAZG8B*qOCPrvwbCBlXQCcwaO3mIF3YMKpPtW1jCCdH2IGBddQ6Ke4Hm2a3ZLfya0pt0iKsvw02dceu7XaL1PziHMj0Dt1hls80K!3mndnZXks2NgvanhrPcPx!g/Anybody%20feelin'%20freaky.gif?dc=4675432102092549345
O24 - Desktop Component 14: (no name) - http://us.f1.yahoofs.com/groups/g_91...mlVX_AapOFh5es
O24 - Desktop Component 15: (no name) - http://groups.msn.com/isapi/fetch.dl...umEPQA9ADAAKQA
O24 - Desktop Component 16: (no name) - http://home.wanadoo.nl/m.longfur/balopmekop.gif
O24 - Desktop Component 17: (no name) - http://groups.msn.com/_Secure/0UADOA...30161427006715
O24 - Desktop Component 18: (no name) - http://www.angelfire.com/crazy2/lilb...ilver11_1_.gif
O24 - Desktop Component 19: (no name) - http://friendpages.com/pages/music/a...s2/photo40.jpg
O24 - Desktop Component 2: (no name) - http://pnavy.com/ultimatefansite/alb...grug.thumb.gif
O24 - Desktop Component 20: (no name) - http://members.aol.com/mzdeeeliteful...s/razbbump.gif
O24 - Desktop Component 21: (no name) - http://members.aol.com/mzdeeeliteful...marionbump.gif
O24 - Desktop Component 22: (no name) - http://members.aol.com/mzdeeeliteful...upgotstabe.gif
O24 - Desktop Component 23: (no name) - http://groups.msn.com/_Secure/0RQDPA...38782741005191
O24 - Desktop Component 24: (no name) - http://members.aol.com/b2kpleasure/images/jboogbump.gif
O24 - Desktop Component 25: (no name) - http://members.aol.com/b2kpleasure/i...oggotstabe.gif
O24 - Desktop Component 26: (no name) - http://www.pageproducer.com/users/tst/jboog_ag.gif
O24 - Desktop Component 27: (no name) - http://www.geocities.com/jewelsdollies/beach3rd.gif
O24 - Desktop Component 28: (no name) - http://friendpages.com/pages/music/m3lan13kd/photo8.jpg
O24 - Desktop Component 3: (no name) - http://pnavy.com/ultimatefansite/alb...02/boogbed.gif
O24 - Desktop Component 4: (no name) - http://www.pageproducer.com/users/ic...portj-boog.gif
O24 - Desktop Component 5: (no name) - http://www.pageproducer.com/users/unlimitedb2k/ani4.gif
O24 - Desktop Component 6: (no name) - http://www.pageproducer.com/users/lo...e/cuteanim.gif
O24 - Desktop Component 7: (no name) - http://www.pageproducer.com/users/tst/fizz-cbs.gif
O24 - Desktop Component 8: (no name) - http://www.tugstreetteam.com/images/buttons/banner1.gif
O24 - Desktop Component 9: (no name) - http://www.angelfire.com/music4/boot...rlemshaker.gif

--
End of file - 12813 bytes
Cheeseball81
Moderator & Malware Removal Specialist with 80,169 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
16-Nov-2007, 11:18 PM #12
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:

Files to delete:
C:\WINDOWS\system\jtovu.exe
C:\WINDOWS\System32\intfat32.exe
C:\WINDOWS\system\vqcgdwmwr.exe
C:\WINDOWS\System32\fxssrv.exe
C:\WINDOWS\system\hnccdq.exe
C:\WINDOWS\System32\d3ddmd.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

O4 - HKCU\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe

O4 - HKCU\..\Policies\Explorer\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe

O4 - HKCU\..\Policies\Explorer\Run: [vqcgdwmwr.exe] C:\WINDOWS\system\vqcgdwmwr.exe

O4 - HKCU\..\Policies\Explorer\Run: [fxssrv] C:\WINDOWS\System32\fxssrv.exe

O4 - HKCU\..\Policies\Explorer\Run: [hnccdq.exe] C:\WINDOWS\system\hnccdq.exe

O4 - HKCU\..\Policies\Explorer\Run: [d3ddmd] C:\WINDOWS\System32\d3ddmd.exe

O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe (User '?')

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


Reboot and post another Hijack This log please.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
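As an added example that is not part of the thread, the following Python script applies the three patterns behind the fix list above to a handful of lines copied from the HijackThis log earlier in this thread: an O4 autostart registered under Policies\Explorer\Run, an O16 DPF entry that fetches a bare .exe instead of a signed .cab, and an O23 service whose binary is reported missing. It then turns the flagged O4 paths into an Avenger-style "Files to delete:" block. The rules are heuristics I chose for triage; they surface candidates for a human to review and are not the moderator's exact selection (two other file-missing services in the log were left alone).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted above
# (entries the moderator asked to fix, plus benign neighbours for contrast).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe
O4 - HKCU\..\Policies\Explorer\Run: [intfat32] C:\WINDOWS\System32\intfat32.exe
O4 - HKUS\S-1-5-21-2822633028-2782116066-2207802854-500\..\Policies\Explorer\Run: [jtovu.exe] C:\WINDOWS\system\jtovu.exe (User '?')
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0006.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the triage rule flagged the line
    line: str      # the original log line, ready to paste into a fix list


# Every HijackThis entry starts with a section tag (R0, O4, O23, ...) and " - ".
HJT_LINE = re.compile(r"^([RO]\d+) - (.*)$")
# O4 lines read "[name] path [args] (User 'x')"; capture the first path token,
# honouring double quotes around paths that contain spaces.
O4_PATH = re.compile(r'\] ("[^"]+"|\S+)')


def triage(log_text: str) -> List[Finding]:
    """Heuristic triage (my rules, not HijackThis' own): flag entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4" and r"\Policies\Explorer\Run:" in body:
            # Legitimate installers almost never register autostarts here.
            findings.append(Finding(section, "autostart under Policies\\Explorer\\Run", line))
        elif section == "O16" and body.rsplit(" - ", 1)[-1].lower().endswith(".exe"):
            # ActiveX downloads normally reference a signed .cab, not a raw executable.
            findings.append(Finding(section, "DPF download points at a bare .exe", line))
        elif section == "O23" and body.endswith("(file missing)"):
            # Service registration survived, its binary did not: an orphaned entry.
            findings.append(Finding(section, "service registered but binary is missing", line))
    return findings


def o4_path(line: str) -> Optional[str]:
    """Extract the executable path from an O4 line, without surrounding quotes."""
    m = O4_PATH.search(line)
    return m.group(1).strip('"') if m else None


def avenger_script(findings: List[Finding]) -> List[str]:
    """Build an Avenger 'Files to delete:' block from flagged O4 paths, deduplicated."""
    paths: List[str] = []
    for f in findings:
        p = o4_path(f.line) if f.section == "O4" else None
        if p and p not in paths:
            paths.append(p)
    return ["Files to delete:"] + paths


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.section}: {h.reason}\n    {h.line}")
    print()
    print("\n".join(avenger_script(hits)))
```

Running it lists the five flagged entries and a two-line deletion block (jtovu.exe appears twice in the log, once per user hive, but only once in the script). The O16 and O23 hits are reported but not turned into deletions, since a DPF entry and a service registration are registry cleanups rather than files on disk.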
tiera
Member with 99 posts.
Join Date: Jul 2005
Experience: Beginner
18-Nov-2007, 11:22 AM #13
On this part:
# Now click on the Green Light to begin execution of the script
# Answer "Yes" twice when prompted.


When I click yes the first time this comes up:
Error: Selected file does not seem to be a valid script.
I click ok then after that it says:
Press OK to log error and continue or Cancel to abort.
I abort then it says:
Error code: 1813
Cheeseball81
Moderator & Malware Removal Specialist with 80,169 posts.
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
18-Nov-2007, 02:46 PM #14
Make sure you are including the words "Files to delete"
tiera
Member with 99 posts.
Join Date: Jul 2005
Experience: Beginner
18-Nov-2007, 04:17 PM #15
c:\avenger.txt

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qobjpaje

*******************

Script file located at: \??\C:\vohcflvj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system\jtovu.exe not found!
Deletion of file C:\WINDOWS\system\jtovu.exe failed!

Could not process line:
C:\WINDOWS\system\jtovu.exe
Status: 0xc0000034



File C:\WINDOWS\System32\intfat32.exe not found!
Deletion of file C:\WINDOWS\System32\intfat32.exe failed!

Could not process line:
C:\WINDOWS\System32\intfat32.exe
Status: 0xc0000034



File C:\WINDOWS\system\vqcgdwmwr.exe not found!
Deletion of file C:\WINDOWS\system\vqcgdwmwr.exe failed!

Could not process line:
C:\WINDOWS\system\vqcgdwmwr.exe
Status: 0xc0000034



File C:\WINDOWS\System32\fxssrv.exe not found!
Deletion of file C:\WINDOWS\System32\fxssrv.exe failed!

Could not process line:
C:\WINDOWS\System32\fxssrv.exe
Status: 0xc0000034



File C:\WINDOWS\system\hnccdq.exe not found!
Deletion of file C:\WINDOWS\system\hnccdq.exe failed!

Could not process line:
C:\WINDOWS\system\hnccdq.exe
Status: 0xc0000034



File C:\WINDOWS\System32\d3ddmd.exe not found!
Deletion of file C:\WINDOWS\System32\d3ddmd.exe failed!

Could not process line:
C:\WINDOWS\System32\d3ddmd.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.
