Solved hijackthis log

[Resolved] hijackthis log

I dont know if it is a vista problem(vista home premium) or what it is. I think it may be a virus but am unsure. I ran spybot s&d and found 161 problems. I then fixed them all. the computer is now running faster but i still have a problem. I use norton antivirus for my computer protection but i see now they miss a lot. I have wireless internet from a cable company. it works fine but the connection title has changed on my notification bar at the bottom right hand side of my screen. It has always been my name "schuyler" as the connection but now it shows LilWayne(schuyler) as the connection title. I dont know if someone has hacked into my computer or what it could be. If I disconnect from the internet and reconnect it comes up just fine. It is just a problem when i boot my computer after it has been turned off. If anyone has any advice it would be greatly appreciated.

here is the hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 3:36:32 PM, on 6/18/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [xMain] C:\Windows\System32\xlaunch.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZUzed004MQUS_ZZzer000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

Hi cjschuyler,

Please read this topic, install the latest version of Hijackthis, run a scan and save the log (you can close it for now). Then, download and run Deckard's System Scanner and post the main.txt log here.

 

thanks for your help. i was in another forum and was told to do the hijackthis download and post it here. it was a different version than the one you linked me to. here is the new log from the new version. it is the notepad copy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:20 AM, on 6/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [xMain] C:\Windows\System32\xlaunch.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZUzed004MQUS_ZZzer000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13551 bytes


i hope this is what you need. thanks again for assisting me.

 

Hi! Did you miss this part of my instructions above?

 

Yep, I did. Will have it soon

 

Sorry for the wait. Thanks for the help here is the DSS Main.txt then the Extra.txt

Deckard's System Scanner v20071014.68
Run by Clyde F. Schuyler Jr on 2008-06-19 17:59:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-06-19 14:29:29 UTC - RP307 - Scheduled Checkpoint
7: 2008-06-18 14:29:52 UTC - RP306 - Scheduled Checkpoint
6: 2008-06-17 14:15:02 UTC - RP305 - Windows Update
5: 2008-06-17 10:54:23 UTC - RP304 - Scheduled Checkpoint
4: 2008-06-16 10:25:19 UTC - RP303 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-06-14 13:55:53 UTC - RP300 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Clyde F. Schuyler Jr.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:28 PM, on 6/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Clyde F. Schuyler Jr\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Clyde F. Schuyler Jr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [xMain] C:\Windows\System32\xlaunch.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZUzed004MQUS_ZZzer000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13497 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 MyWebSearchService (My Web Search Service) - c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe <Not Verified; MyWebSearch.com; My Web Search Bar>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 21:12:16 576 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Clyde F. Schuyler Jr.job


-- Files created between 2008-05-19 and 2008-06-19 -----------------------------

2008-06-19 05:23:10 0 d-------- C:\Program Files\Trend Micro
2008-06-18 14:23:09 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-11 07:43:00 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-10 18:23:29 107370 --a------ C:\Windows\hpqins13.dat
2008-06-01 07:59:17 0 d-------- C:\Windows\system32\custom matrices
2008-06-01 07:59:08 0 d-------- C:\Windows\system32\QuickTime
2008-06-01 07:59:08 0 d-------- C:\Windows\system32\C2MP
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-27 12:48:21 0 d-------- C:\Program Files\dopewars
2008-05-24 05:55:00 711168 --a------ C:\Windows\system32\xvidcore.dll
2008-05-24 05:55:00 204800 --a------ C:\Windows\system32\TomsMoComp_ff.dll
2008-05-24 05:55:00 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-24 05:55:00 455680 --a------ C:\Windows\system32\libmplayer.dll
2008-05-24 05:55:00 114688 --a------ C:\Windows\system32\libmpeg2_ff.dll
2008-05-24 05:55:00 3614208 --a------ C:\Windows\system32\libavcodec.dll
2008-05-24 05:55:00 692224 --a------ C:\Windows\system32\ff_x264.dll
2008-05-24 05:55:00 23552 --a------ C:\Windows\system32\ff_wmv9.dll
2008-05-24 05:55:00 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-24 05:55:00 38400 --a------ C:\Windows\system32\ff_unrar.dll
2008-05-24 05:55:00 115200 --a------ C:\Windows\system32\ff_tremor.dll
2008-05-24 05:55:00 143360 --a------ C:\Windows\system32\ff_theora.dll
2008-05-24 05:55:00 113152 --a------ C:\Windows\system32\ff_samplerate.dll
2008-05-24 05:55:00 114688 --a------ C:\Windows\system32\ff_realaac.dll
2008-05-24 05:55:00 99840 --a------ C:\Windows\system32\ff_libmad.dll
2008-05-24 05:55:00 211968 --a------ C:\Windows\system32\ff_libfaad2.dll
2008-05-24 05:55:00 147456 --a------ C:\Windows\system32\ff_libdts.dll
2008-05-24 05:55:00 40448 --a------ C:\Windows\system32\ff_liba52.dll
2008-05-24 05:55:00 204800 --a------ C:\Windows\system32\ff_kernelDeint.dll
2008-05-24 05:55:00 741376 --a------ C:\Windows\system32\audxlib.dll
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-19 17:49:36 81006 --a------ C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\nvModes.dat
2008-06-19 17:49:35 81006 --a------ C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\nvModes.001
2008-06-18 14:52:05 12 --a------ C:\Windows\bthservsdp.dat
2008-06-18 14:50:46 0 d-------- C:\Program Files\MyWebSearch
2008-06-18 08:20:13 16546 --a------ C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\UserTile.png
2008-06-12 23:03:13 0 d-------- C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\dvdcss
2008-06-12 12:33:02 0 d-------- C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\DivX
2008-06-11 07:43:20 0 d-------- C:\Program Files\DivX
2008-06-11 07:43:00 0 d-------- C:\Program Files\Common Files
2008-06-11 06:19:47 0 d-------- C:\Program Files\Windows Mail
2008-06-09 20:35:10 422 --a------ C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\wklnhst.dat
2008-05-31 07:33:09 0 d-------- C:\Program Files\Symantec
2008-05-18 18:57:30 147290 --a------ C:\Windows\hpoins17.dat
2008-04-26 16:27:21 0 d-------- C:\Program Files\Apple Software Update
2008-03-29 11:42:22 245248 --a------ C:\Windows\system32\dxr.dll
2008-03-29 11:42:20 159744 --a------ C:\Windows\system32\mmfinfo.dll
2008-03-29 11:42:14 102400 --a------ C:\Windows\system32\avss.dll
2008-03-29 11:42:08 148992 --a------ C:\Windows\system32\mkx.dll
2008-03-29 11:42:04 141312 --a------ C:\Windows\system32\mp4.dll
2008-03-29 11:42:04 108032 --a------ C:\Windows\system32\avi.dll
2008-03-29 11:42:02 120832 --a------ C:\Windows\system32\ogm.dll
2008-03-29 11:42:02 335872 --a------ C:\Windows\system32\gdsmux.exe
2008-03-29 11:42:00 163840 --a------ C:\Windows\system32\ts.dll
2008-03-29 11:42:00 103424 --a------ C:\Windows\system32\dsmux.exe
2008-03-29 11:41:54 135168 --a------ C:\Windows\system32\mkv2vfr.exe
2008-03-29 11:41:54 97280 --a------ C:\Windows\system32\avs.dll
2008-03-29 11:41:52 79360 --a------ C:\Windows\system32\mkzlib.dll
2008-03-29 11:41:52 23552 --a------ C:\Windows\system32\mkunicode.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [06/26/2007 10:39 PM]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/15/2006 01:02 AM]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [11/24/2006 07:33 PM]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [11/06/2006 02:58 PM]
"HP Health Check Scheduler "= "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [09/19/2007 06:30 PM]
"WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/18/2006 01:56 PM]
"hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/18/2006 01:32 PM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [12/18/2006 04:12 PM]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"xMain "= "C:\Windows\System32\xlaunch.exe" [07/19/2007 04:40 PM]
"NvSvc "= "C:\Windows\system32\nvsvc.dll" [01/14/2007 02:40 AM]
"NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [01/14/2007 02:40 AM]
"NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [01/14/2007 02:40 AM]
"Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
"QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"hpqSRMon "= "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [03/13/2008 09:34 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [01/17/2008 08:14 PM]
"HPAdvisor "= "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [11/21/2006 08:36 PM]
"ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [06/11/2007 06:16 PM]
"YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 10:59 AM]
"ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 03:30 PM]
"CollaborationHost "= "C:\Windows\system32\p2phost.exe" [11/02/2006 08:35 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher "=%WINDIR%\SMINST\launcher.exe
"SpybotSnD "= "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 12:24:54 AM]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2/22/2005 11:31:52 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 5:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 4:01:50 AM]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [7/19/2007 5:48:12 PM]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [6/9/2004 2:16:08 PM]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [12/18/2006 3:52:31 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@= "Volume shadow copy "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@= "IEEE 1394 Bus host controllers "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@= "SBP2 IEEE 1394 Devices "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@= "SecurityDevices "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{111daee0-59de-11dc-983a-001b24278338}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142c3754-a23f-11dc-9d48-001b24278338}]
Auto\command- setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e19710c-dffb-11dc-ba44-001b24278338}]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e80ea11-6819-11dc-bd3b-001b24278338}]
AutoRun\command- wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3433c9c6-66ca-11dc-bd76-001b24278338}]
Auto\command- F:\setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487d2460-795d-11dc-a1ce-001b24278338}]
AutoRun\command- Autorun.exe /run
Shell00\Command- Autorun.exe /run
Shell01\Command- Autorun.exe /action
Shell02\Command- Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3ab13b-36b0-11dc-9a79-001b24278338}]
AutoRun\command- G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a55b2d4-3aa4-11dc-a05c-001b24278338}]
Auto\command- setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638ff324-9e4c-11dc-9ba4-001b24278338}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e727-f412-11dc-b690-001b24278338}]
Auto\command- setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e72a-f412-11dc-b690-001b24278338}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e753-f412-11dc-b690-001b24278338}]
Auto\command- H:\setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880a5aab-6c5a-11dc-8046-001b24278338}]
AutoRun\command- G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97464666-2c2a-11dd-9e50-001b24278338}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974646a4-2c2a-11dd-9e50-001b24278338}]
Explore\command- explorer.exe /n,/e ,.
Launch\command- portablevaultaes.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa887a87-588b-11dc-9cc8-001b24278338}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d00d5b09-d4b3-11dc-8242-001b24278338}]
Auto\command- setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3331e57-e957-11dc-b752-001b24278338}]
Auto\command- setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d586565c-5eab-11dc-95b0-001b24278338}]
Auto\command- H:\setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fe20b5-5617-11dc-95af-001b24278338}]
Auto\command- G:\setup.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e592fa-2bd7-11dd-a090-001b24278338}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea14c5de-3b6b-11dc-9843-001b24278338}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-19 18:05:46 ------------

 

here is the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vistaâ„¢ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1982 MiB / 1034.13 MiB
Pagefile Memory (total/avail): 4173.13 MiB / 3014.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.22 MiB

C: is Fixed (NTFS) - 142.44 GiB total, 54.11 GiB free.
D: is Fixed (NTFS) - 6.61 GiB total, 0.65 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST916082 1AS SCSI Disk Device - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 142.44 GiB - C:
\PARTITION1 - Installable File System - 6.61 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "= "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Clyde F. Schuyler Jr\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CJ
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Clyde F. Schuyler Jr
LOCALAPPDATA=C:\Users\Clyde F. Schuyler Jr\AppData\Local
LOGONSERVER=\\CJ
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\CLYDEF~1.SCH\AppData\Local\Temp
TMP=C:\Users\CLYDEF~1.SCH\AppData\Local\Temp
USERDOMAIN=CJ
USERNAME=Clyde F. Schuyler Jr
USERPROFILE=C:\Users\Clyde F. Schuyler Jr
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Clyde F. Schuyler Jr
Guest (new local, guest, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe "
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe "
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe "
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe "
--> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe "
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe "
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe "
--> "C:\Program Files\HP Games\FATE\Uninstall.exe "
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe "
--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe "
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe "
--> "C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe "
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe "
--> "C:\Program Files\HP Games\Otto\Uninstall.exe "
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe "
--> "C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe "
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
--> "C:\Program Files\HP Games\Polar Tubing\Uninstall.exe "
--> "C:\Program Files\HP Games\Puzzle Express\Uninstall.exe "
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe "
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe "
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe "
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe "
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
--> "C:\Program Files\HP Games\Word Symphony\Uninstall.exe "
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe "
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
300_saver_02 --> C:\Windows\system32\300_saver_02.scr /u
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AGEIA PhysX v7.05.06 --> MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey= "Software\Broadcom\802.11\UninstallInfo" /rootdir= "C:\Program Files\Broadcom\Broadcom 802.11\Driver "
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HUFSetup.EXE -U -IwisR30B7.inf
DarkCrusade --> C:\Program Files\InstallShield Installation Information\{32F27FAA-60D1-4EC3-8502-51AEC72BF50F}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go --> MsiExec.exe /X{BDFE199D-E889-4BB6-BECB-C4BDF5700849}
DVD Ripper 4 --> C:\Program Files\ImTOO\DVD Ripper 4\Uninstall.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe "
EA SPORTS online 2006 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FLV Player --> "C:\Windows\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml "
HAMA Double Action Air Grip Gamepad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{975E4CAE-D408-48DA-9346-65D7DB72B7DE}\setup.exe" -l0x9 -removeonly
Hewlett-Packard Active Check for Health Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Connections (remove only) --> C:\Windows\HPCPCUninstall-6811507\HPBWSetup.exe -appid 6811507 -uninstall
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{034F8C89-C4F4-4731-A32B-F4294C04729F}\setup\hpzscr01.exe -datfile hposcr17.dat
HP Photosmart Essential 3.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor --> MsiExec.exe /X{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guide 0041 --> MsiExec.exe /I{ABFBC596-7EB3-4E4D-A1A3-D2B6806EF1FE}
HP Wireless Assistant --> MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
HPNetworkAssistant --> MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Media Player Codec Pack 3.2.0 --> C:\Windows\system32\C2MP\Uninst.exe
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007 --> MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99C5770C-1C90-42E7-9B74-D47CFAF14621}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe "
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_3_0_12\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
palmOne --> MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rome - Total War - Gold Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\HXFSETUP.EXE -U -Iwis30B7z.inf
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll ",standAloneUninstall
Tiger Woods PGA TOUR 06 --> C:\Program Files\EA SPORTS\Tiger Woods PGA TOUR 06\EAUninstall.exe
Virtual Pool Windows --> C:\Windows\uninst.exe -f "C:\Program Files\Intrplay\VPoolW\DeIsL1.isu "
Warhammer 40,000: Dawn Of War - Platinum Edition --> MsiExec.exe /X{8F99E711-CE74-4718-BE04-19D1A53A735C}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! IE Search Suggest --> C:\PROGRA~1\Yahoo!\Search\UNINST~1.EXE
Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type73599 / Error
Event Submitted/Written: 06/19/2008 07:47:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
The program WINWORD.EXE version 12.0.4518.1014 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 135c
Start Time: 01c8d2022ade2bf0
Termination Time: 65

Event Record #/Type73545 / Success
Event Submitted/Written: 06/18/2008 02:54:28 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type73543 / Success
Event Submitted/Written: 06/18/2008 02:54:27 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type73535 / Success
Event Submitted/Written: 06/18/2008 02:54:16 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type73517 / Success
Event Submitted/Written: 06/18/2008 02:52:07 PM
Event ID/Source: 903 / Software Licensing Service
Event Description:
The Software Licensing service has stopped.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type144690 / Warning
Event Submitted/Written: 06/19/2008 05:49:41 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A73478D88. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type144679 / Warning
Event Submitted/Written: 06/19/2008 05:49:16 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A73478D88. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type144666 / Warning
Event Submitted/Written: 06/19/2008 05:49:12 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001A73478D88. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type144626 / Warning
Event Submitted/Written: 06/19/2008 08:42:28 AM
Event ID/Source: 58 / Print
Event Description:
\\nicoles-PC\HP Photosmart C5200 series initialization failed at \\nicoles-PC\print$\COLOR\sRGB Color Space Profile.icm. Error: 5. Access is denied.
. This can occur because of system instability or a lack of system resources.

Event Record #/Type144625 / Warning
Event Submitted/Written: 06/19/2008 08:42:28 AM
Event ID/Source: 58 / Print
Event Description:
\\nicoles-PC\HP Photosmart C5200 series initialization failed at \\nicoles-PC\print$\COLOR\Adobe RGB (1998) D65 WP 2.2 Gamma.icc. Error: 5. Access is denied.
. This can occur because of system instability or a lack of system resources.



-- End of Deckard's System Scanner: finished at 2008-06-19 18:05:46 ------------

 

Using a flash drive or 2 on that machine? It appears you have a Flash Drive infection. Please do the following with the flash drive attached and active.

Download ComboFix by sUBs from here, saving the file to your desktop.


Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

Here is the Hijackthis log and the log from the Combo Fix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:58 PM, on 6/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [xMain] C:\Windows\System32\xlaunch.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - ?p=ZUzed004MQUS_ZZzer000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12661 bytes

 

ComboFix 08-06-19.1 - Clyde F. Schuyler Jr 2008-06-19 20:04:30.1 - NTFSx86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6000.0.1252.1.1033.18.1006 [GMT -4:00]
Running from: C:\Users\Clyde F. Schuyler Jr\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 21:49 81,006 ----a-w C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\nvModes.dat
2008-06-19 09:23 --------- d-----w C:\Program Files\Trend Micro
2008-06-18 18:51 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-18 18:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-13 03:03 --------- d-----w C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\dvdcss
2008-06-12 16:33 --------- d-----w C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\DivX
2008-06-11 11:43 --------- d-----w C:\Program Files\DivX
2008-06-11 11:43 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-11 10:19 --------- d-----w C:\Program Files\Windows Mail
2008-06-10 00:35 422 ----a-w C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\wklnhst.dat
2008-06-10 00:19 --------- d-----w C:\ProgramData\Symantec
2008-05-31 11:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-31 11:33 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-31 11:33 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-31 11:33 --------- d-----w C:\Program Files\Symantec
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 16:48 --------- d-----w C:\Program Files\dopewars
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 14:58 --------- d-----w C:\ProgramData\WildTangent
2008-04-26 20:27 --------- d-----w C:\Program Files\Apple Software Update
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-16 18:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-03-29 15:42 335,872 ----a-w C:\Windows\System32\gdsmux.exe
2008-03-29 15:42 245,248 ----a-w C:\Windows\System32\dxr.dll
2008-03-29 15:42 163,840 ----a-w C:\Windows\System32\ts.dll
2008-03-29 15:42 159,744 ----a-w C:\Windows\System32\mmfinfo.dll
2008-03-29 15:42 148,992 ----a-w C:\Windows\System32\mkx.dll
2008-03-29 15:42 141,312 ----a-w C:\Windows\System32\mp4.dll
2008-03-29 15:42 120,832 ----a-w C:\Windows\System32\ogm.dll
2008-03-29 15:42 108,032 ----a-w C:\Windows\System32\avi.dll
2008-03-29 15:42 103,424 ----a-w C:\Windows\System32\dsmux.exe
2008-03-29 15:42 102,400 ----a-w C:\Windows\System32\avss.dll
2008-03-29 15:41 97,280 ----a-w C:\Windows\System32\avs.dll
2008-03-29 15:41 79,360 ----a-w C:\Windows\System32\mkzlib.dll
2008-03-29 15:41 23,552 ----a-w C:\Windows\System32\mkunicode.dll
2008-03-29 15:41 135,168 ----a-w C:\Windows\System32\mkv2vfr.exe
2008-02-04 11:23 548,864 ----a-w C:\Program Files\NIS05ENG.exe.xds
2007-09-17 10:41 174 --sha-w C:\Program Files\desktop.ini
2007-07-05 14:12 25,990,432 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-09-21 13:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-21 13:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-21 13:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-10-11 09:10 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-11 09:10 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-11 09:10 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-17 20:14 1232896]
"HPAdvisor "= "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 20:36 1474560]
"ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16 4670968]
"YSearchProtection "= "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59 224248]
"ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"CollaborationHost "= "C:\Windows\system32\p2phost.exe" [2006-11-02 08:35 191488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 01:02 815104]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 19:33 167936]
"HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 14:58 159744]
"HP Health Check Scheduler "= "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 18:30 66816]
"WAWifiMessage "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 13:56 317152]
"hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 13:32 472800]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 16:12 77824]
"ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"xMain "= "C:\Windows\System32\xlaunch.exe" [2007-07-19 16:40 0]
"NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-01-14 02:40 90191]
"NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-01-14 02:40 7766016]
"NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2007-01-14 02:40 81920]
"Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"hpqSRMon "= "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 09:34 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher "= "%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Clyde F. Schuyler Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 00:24:54 98632]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2005-02-22 11:31:52 2301952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 05:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 04:01:50 734872]
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2007-07-19 17:48:12 28672]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08 471040]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 15:52:31 34520]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter "= ac3filter.acm
"vidc.hfyu "= huffyuv.dll
"msacm.divxa32 "= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify "=dword:00000001
"InternetSettingsDisableNotify "=dword:00000001
"AutoUpdateDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95ECDD01-AB84-4195-A36C-29147C571235} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{847B4D9A-56A3-49A5-9521-2D7585715908} "= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{90528E1E-A1FE-4A81-B793-12DCFBBD3662} "= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7} "= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6B57F522-FAAD-41A8-B1C1-953062BF9446} "= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE} "= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72} "= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4} "= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{60DEC888-F219-4253-B879-9DCB9F49D1E6} "= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{69766FF7-C030-44B6-941A-342BD87A0965} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B858232-CDA8-4787-BC69-95686C88817A} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{964A17A2-B864-49C4-AE05-C970AF48F245} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9F5F74B4-E75F-48BE-8F7F-6273CF214C46} "= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{27758D9E-011E-4709-8E52-DDEBD0C692BB} "= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A023C928-B901-43DE-9C61-5A4008E4E752} "= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{932EF2A4-5EA2-49F5-BAB7-842C93A837E9} "= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{236D7187-9DF9-405F-B7E5-4CFEA483667D} "= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D694CCBC-DC86-4891-B9F5-FD0B8007B089} "= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C5148F9C-BFBD-44E8-9508-6EF172E6E598} "= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7C9E46EB-EB3F-46DF-AA3D-047E96DC96C7} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{F2F1382B-AB3D-46AA-97C2-FB0F038CA1F0} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{187231DB-62F2-499C-8B59-3CA5559E8ED7} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{F82934B0-4308-49B6-AF77-6AFFE009F335} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{4A49FC0A-847A-414D-932E-3E3D973366C9} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{A173761C-9E07-44C3-B296-127C485164C0} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{7D31B107-5331-4F24-A76E-8371C259FD45} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{900130C9-7354-426C-A04A-DC887986C4C3} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{A88AB81C-5BD8-4F4C-88E2-8FDFB7949595} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CAD192A9-B787-47E3-B63C-6FC3377750D8} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{3ACE67C1-DDA7-446A-A234-8DCD3D002999} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{4EEA660E-839F-4EB3-A1EA-C9048D6797AA} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{ABE77EF7-CFCA-441F-A196-6B72CE0B5873} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{95FE5341-0ED2-4BC9-B5DC-52912CDD88ED} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{4BFFFBEA-E040-43E5-9675-F0BE9CC0317E} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{2F1147D6-4279-4784-8BFA-A94C4D771E2E} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{55867A9E-CA8A-4775-92B7-2D3482AD1386} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{39A13FA7-BC6C-4506-8C6E-743FCDF94DB8} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{CEF37556-19F2-4D04-9EB4-314E00D7E2BF} "= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{ACDDBFDB-1DE2-4040-A3F8-7589867360C0} "= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{C51C5070-D5DE-4027-936A-621CA53C211A} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{28208792-79CC-40A8-8B09-6D5E7AB2E69B} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080617.001\IDSvix86.sys [2008-02-13 12:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S3 GameConsoleService;GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-05-05 18:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{111daee0-59de-11dc-983a-001b24278338}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142c3754-a23f-11dc-9d48-001b24278338}]
\shell\Auto\command - setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e19710c-dffb-11dc-ba44-001b24278338}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e80ea11-6819-11dc-bd3b-001b24278338}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3433c9c6-66ca-11dc-bd76-001b24278338}]
\shell\Auto\command - F:\setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487d2460-795d-11dc-a1ce-001b24278338}]
\shell\AutoRun\command - Autorun.exe /run
\shell\Shell00\Command - Autorun.exe /run
\shell\Shell01\Command - Autorun.exe /action
\shell\Shell02\Command - Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3ab13b-36b0-11dc-9a79-001b24278338}]
\shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a55b2d4-3aa4-11dc-a05c-001b24278338}]
\shell\Auto\command - setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e727-f412-11dc-b690-001b24278338}]
\shell\Auto\command - setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e72a-f412-11dc-b690-001b24278338}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e753-f412-11dc-b690-001b24278338}]
\shell\Auto\command - H:\setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{880a5aab-6c5a-11dc-8046-001b24278338}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97464666-2c2a-11dd-9e50-001b24278338}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974646a4-2c2a-11dd-9e50-001b24278338}]
\Shell\Explore\command - explorer.exe /n,/e ,.
\Shell\Launch\command - portablevaultaes.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d00d5b09-d4b3-11dc-8242-001b24278338}]
\shell\Auto\command - setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3331e57-e957-11dc-b752-001b24278338}]
\shell\Auto\command - setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d586565c-5eab-11dc-95b0-001b24278338}]
\shell\Auto\command - H:\setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fe20b5-5617-11dc-95af-001b24278338}]
\shell\Auto\command - G:\setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e592fa-2bd7-11dd-a090-001b24278338}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea14c5de-3b6b-11dc-9843-001b24278338}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 01:12:16 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Clyde F. Schuyler Jr.job "
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 20:10:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-19 20:18:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 00:17:56

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

313 --- E O F --- 2008-06-17 14:15:31

 

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

Driver::
MyWebSearchService
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142c3754-a23f-11dc-9d48-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3433c9c6-66ca-11dc-bd76-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487d2460-795d-11dc-a1ce-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3ab13b-36b0-11dc-9a79-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a55b2d4-3aa4-11dc-a05c-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e727-f412-11dc-b690-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e753-f412-11dc-b690-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d00d5b09-d4b3-11dc-8242-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3331e57-e957-11dc-b752-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d586565c-5eab-11dc-95b0-001b24278338}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fe20b5-5617-11dc-95af-001b24278338}]

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


Then reboot the machine (if ComboFix didn't) to see if the connection icon still behaves the same.
If it does, download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/
start it and paste in LilWayne .......wait for it to complete the search, click ok at the prompt. Then when wordpad opens, copy that back here please if anything is found.

 

Combo fix is not working anymore.

I keep getting "Directory name is not valid "

I then tried the DSS again and it says the same thing. I then deleted them both and attempted to save them and run them again. I am getting nothing but "directory name is not valid" Thank you for dealing with me. I really do not know what to do now.

 

Is the C:\ComboFix folder there? If so, please rename it then try to drag-n-drop CFScript.txt onto ComboFix.exe again. You did name the script CFScript.txt, correct?

 

The Folders are gone for the DSS and Combo Fix. I deleted it earlier when it was not working and attempted to reinstall. it does not look like it has done so. neither application is working. I have them both saved to the desktop again but it is not working.

 

I did the Registry search from the other site and got this

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "LilWayne" 6/20/2008 5:19:01 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{8C47E9AC-4EFE-4B9D-A004-62EF98665B97}]
"ProfileName "= "LilWayne "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{8C47E9AC-4EFE-4B9D-A004-62EF98665B97}]
"Description "= "LilWayne "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F0CC4F97C6D87F21951F5246B0594C9D8F551576BB6B681E00A6668223BA83F4DF]
"Description "= "LilWayne "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F0CC4F97C6D87F21951F5246B0594C9D8F551576BB6B681E00A6668223BA83F4DF]
"FirstNetwork "= "LilWayne "

 

Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as;

Filename: fix.reg
Save as type: All Files (*.*)

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{8C47E9AC-4EFE-4B9D-A004-62EF98665B97}]
 "ProfileName "= "Network "
 "Description "= "Network "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F0CC4F97C6D87F21951F5246B0594C9D8F551576BB6B681E00A6668223BA83F4DF]
 "Description "= "Network "
 "FirstNetwork "= "Network "

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142c3754-a23f-11dc-9d48-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3433c9c6-66ca-11dc-bd76-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487d2460-795d-11dc-a1ce-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3ab13b-36b0-11dc-9a79-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a55b2d4-3aa4-11dc-a05c-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e727-f412-11dc-b690-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7be0e753-f412-11dc-b690-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d00d5b09-d4b3-11dc-8242-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3331e57-e957-11dc-b752-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d586565c-5eab-11dc-95b0-001b24278338}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8fe20b5-5617-11dc-95af-001b24278338}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MyWebSearchService]

Right click fix.reg and select Run As Administrator, then allow it to merge with the registry.
Restart the computer.
Let me know the result.

 

Its Fixed

Its Fixed. it now says network schuyler. Thank you very much. was it something to be worried about? What could have happened for it to change like that? Again thanks for your help. I just was worried someone else would be able to get on the computer without me knowing.

 

Glad to hear that's fixed. As to the cause ......... ??

Let's run an online scan. Please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post the Kaspersky log and one more fresh HijackThis log.

 

Sorry for the Time between postings. I let ths computer run over night and i checked it this morning. The computer said the scan was done but i had no infections or anything, it was just blank. I thank you again for all of the help.

 

Great! Go ahead and delete ComboFix.exe and dss.exe, as well as the reg fix on the desktop.
I'd say that's a wrap. You agree?