Thanks for helping. I noticed your reply right after you posted it and installed and ran ComboFix right away. I really appreciate it!
Here are the logs:
ComboFix 09-11-08.03 - Lyndsae ^_^ 11/08/2009 16:13.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.276 [GMT -6:00]
Running from: c:\documents and settings\Lyndsae ^_^\My Documents\Downloads\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\3295423899.dat
c:\windows\system32\Data
c:\windows\system32\dikekuro.dll
c:\windows\system32\drivers\6579da52.sys
c:\windows\system32\kuzeduhu.dll
c:\windows\system32\tidahahi.dll
c:\windows\system32\zabinose.dll
c:\windows\Tasks\wooxadmx.job
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NEW_DRV
-------\Service_6579da52
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-08 20:36 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 20:35 . 2009-11-08 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 20:35 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 19:59 . 2009-11-08 20:00 -------- d-----w- c:\program files\Unlocker
2009-11-08 18:49 . 2009-11-08 18:49 -------- d-----w- c:\program files\ERUNT
2009-11-08 16:46 . 2009-11-08 16:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-06 00:57 . 2009-11-06 00:57 -------- d-----w- c:\program files\CodeStuff
2009-11-05 19:44 . 2009-11-05 19:44 -------- d-----w- c:\program files\ESET
2009-11-05 19:34 . 2009-11-05 19:34 152576 ----a-w- c:\documents and settings\Lyndsae ^_^\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-05 19:33 . 2009-11-05 19:33 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\Malwarebytes
2009-11-05 19:32 . 2009-11-05 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 18:03 . 2009-11-02 18:03 -------- d-----w- c:\program files\Trend Micro
2009-10-27 17:42 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-27 17:14 . 2009-11-08 18:38 -------- d-----w- c:\windows\A589DA2651BD475D8C32E19E34145842.TMP
2009-10-26 22:57 . 2009-10-26 22:57 -------- d-----w- c:\program files\MSECache
2009-10-26 05:02 . 2009-10-27 17:35 -------- d-----w- c:\program files\Solveig Multimedia
2009-10-26 05:02 . 2009-10-27 17:35 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2009-10-26 03:53 . 2009-10-26 03:53 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\Smart SWF Converter
2009-10-26 03:32 . 2009-10-27 17:15 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\authorPOINT
2009-10-26 03:00 . 2009-10-26 03:00 -------- d-----w- c:\program files\MikSoftware
2009-10-26 00:46 . 2009-10-26 00:46 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\VisiPPT
2009-10-26 00:42 . 2009-10-26 01:02 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\GeoVid
2009-10-26 00:41 . 2009-10-26 00:41 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-26 00:41 . 2005-06-07 20:11 60416 ----a-w- c:\windows\system32\dsetup.dll
2009-10-25 05:59 . 2009-10-25 05:59 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\iSpring Solutions
2009-10-25 03:42 . 2009-10-25 03:42 -------- d-sh--w- c:\documents and settings\Lyndsae ^_^\PrivacIE
2009-10-25 02:35 . 2009-10-25 02:35 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\Moyea
2009-10-25 02:21 . 2008-12-18 06:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-25 02:21 . 2008-06-15 15:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-10-25 02:21 . 2008-06-15 15:01 258352 ----a-w- c:\windows\system32\unicows.dll
2009-10-25 02:21 . 2009-10-25 02:21 -------- d-----w- c:\program files\Cucusoft
2009-10-25 01:54 . 2009-08-19 10:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-10-25 01:54 . 2009-10-25 01:54 -------- d-----w- c:\windows\system32\QuickTime
2009-10-25 01:53 . 2009-10-25 01:53 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-10-25 01:52 . 2009-10-25 01:52 -------- d-----w- c:\program files\TechSmith
2009-10-24 23:00 . 2000-08-23 22:00 33280 ----a-w- c:\windows\system32\huffyuv.dll
2009-10-24 22:59 . 2009-10-27 17:34 -------- d-----w- c:\program files\Presentersoft PowerVideoMaker
2009-10-24 15:06 . 2008-02-25 19:05 892928 ----a-w- c:\windows\system32\iconv.dll
2009-10-24 15:06 . 2009-10-27 17:36 -------- d-----w- c:\program files\Wondershare
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 19:42 . 2008-05-12 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-05 19:36 . 2005-01-04 06:29 -------- d-----w- c:\program files\Java
2009-10-29 21:35 . 2008-05-12 19:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 17:32 . 2005-01-04 06:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 17:15 . 2009-10-25 05:49 66 ----a-w- c:\documents and settings\Lyndsae ^_^\Application Data\isfree4_0.tmp
2009-10-25 02:21 . 2009-05-18 02:32 -------- d-----w- c:\documents and settings\Lyndsae ^_^\Application Data\GetRightToGo
2009-10-25 01:55 . 2005-01-23 14:24 81760 -c--a-w- c:\documents and settings\Lyndsae ^_^\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 16:33 . 2007-09-26 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-11 10:17 . 2009-07-06 15:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-13 20:40 . 2009-08-29 14:15 43008 ----a-w- c:\documents and settings\Lyndsae ^_^\Application Data\Mozilla\Firefox\Profiles\k5et27jp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-08-13 20:39 . 2009-08-29 14:15 340480 -c--a-w- c:\documents and settings\Lyndsae ^_^\Application Data\Mozilla\Firefox\Profiles\k5et27jp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-08-13 20:39 . 2009-08-29 14:15 346112 ----a-w- c:\documents and settings\Lyndsae ^_^\Application Data\Mozilla\Firefox\Profiles\k5et27jp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2006-08-22 10:20 . 2006-08-22 10:20 774144 -c--a-w- c:\program files\RngInterstitial.dll
2006-03-27 10:38 . 2005-06-17 00:16 104 --sh--r- c:\windows\SYSTEM32\F3EC9B26E0.sys
2006-03-27 10:38 . 2006-03-14 23:30 3766 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-04 26112]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\explorer.exe" [2009-11-08 1312080]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]
c:\documents and settings\Lyndsae ^_^\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-12-18 1312096]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-17 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
R2 dockloginservice;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 12:05 PM 155648]
S2 CryptSvcCryptSvc;Cryptographic Services CryptSvcCryptSvc;c:\windows\system32\acluis.exe srv --> c:\windows\system32\acluis.exe srv [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?sourceid=navclient&ie=UTF-8&hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.81\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 3.81\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: pearsoned.com\www
Trusted Zone: photobucket.com\www
Handler: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - c:\windows\Downloaded Program Files\RocketEngine.dll
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
FF - ProfilePath - c:\documents and settings\Lyndsae ^_^\Application Data\Mozilla\Firefox\Profiles\k5et27jp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Causes Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - plugin: c:\documents and settings\Lyndsae ^_^\Application Data\Mozilla\Firefox\Profiles\k5et27jp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-WordPerfect Office 1215 - c:\program files\WordPerfect Office 12\Programs\Registration.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
SharedTaskScheduler-{a7786afa-d86b-424c-a42e-249109c44a23} - c:\windows\system32\sayobure.dll
SharedTaskScheduler-{fef64dc9-51ba-4791-9af7-891397930391} - c:\windows\system32\puvibimo.dll
SharedTaskScheduler-{f6f8ba01-b339-4d65-a9bb-c6452a07b44a} - c:\windows\system32\yilefaju.dll
SharedTaskScheduler-{3b6aaa79-cf85-4f4a-b8aa-aacd83fa60c5} - c:\windows\system32\komiwozu.dll
SharedTaskScheduler-{c09c54ac-a937-4eb6-af68-3b1a05ff7af6} - c:\windows\system32\kalerazo.dll
SSODL-wiyewanud-{a7786afa-d86b-424c-a42e-249109c44a23} - c:\windows\system32\sayobure.dll
SSODL-kezawovor-{fef64dc9-51ba-4791-9af7-891397930391} - c:\windows\system32\puvibimo.dll
SSODL-vadihonok-{f6f8ba01-b339-4d65-a9bb-c6452a07b44a} - c:\windows\system32\yilefaju.dll
SSODL-bejatanor-{3b6aaa79-cf85-4f4a-b8aa-aacd83fa60c5} - c:\windows\system32\komiwozu.dll
SSODL-pohibozov-{c09c54ac-a937-4eb6-af68-3b1a05ff7af6} - c:\windows\system32\kalerazo.dll
AddRemove-hijackthis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-08 16:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
.
**************************************************************************
.
Completion time: 2009-11-08 16:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 22:37
Pre-Run: 61,105,815,552 bytes free
Post-Run: 60,981,850,112 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 3BAEAB363F804D2ED27B2FFC1C9911E6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:20 PM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\myhjt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\explorer.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.81\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 3.81\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [international] International
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://www.pearsoned.com
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/c..._publisher.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A615BCC-676D-41AA-AB4E-C1860690FFB4} (CFXEngine Object) - http://www.rocketlifeproduction.com/...RocketLife.cab
O16 - DPF: {7530bfb8-7293-4d34-9923-61a11451afc5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus...es/ax/stub.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activ...v2.0.0.10.cab?
O18 - Protocol: rlfile - {F541A92B-CDC2-4B7C-BEF1-C7443070F3D8} - C:\WINDOWS\Downloaded Program Files\RocketEngine.dll
O19 - User stylesheet: (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cryptographic Services CryptSvcCryptSvc (CryptSvcCryptSvc) - Unknown owner - C:\WINDOWS\system32\acluis.exe (file missing)
O23 - Service: Dock Login Service (dockloginservice) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
--
End of file - 10578 bytes