[lazj]

I have tried to get of CiD popups by using the following:
C:NoLop.exe
Anti-Malware
CCleaner
No results. Can you suggest a method to get rid of this annoying Popup?

[Hybr!d]

http://www.computer-juice.com/forums...-posting-7476/

Follow the guide and post the log files, without them we cannot see what is going on and what route to take.

[Hybr!d]

You cannot link to files on your PC, we on the other side cannot access your machine so cannot see the files.

Open the log files and copy/paste the text in your next post.

[lazj]

Malwarebytes' Anti-Malware 1.28
Database version: 1262
Windows 6.0.6001 Service Pack 1

10/13/2008 8:16:58 AM
mbam-log-2008-10-13 (08-16-58).txt

Scan type: Quick Scan
Objects scanned: 48726
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\test account\AppData\LocalLow\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/12/2008 at 04:22 PM

Application Version : 4.21.1004

Core Rules Database Version : 3595
Trace Rules Database Version: 1582

Scan type : Complete Scan
Total Scan Time : 04:14:31

Memory items scanned : 757
Memory threats detected : 0
Registry items scanned : 7008
Registry threats detected : 74
File items scanned : 902929
File threats detected : 132

Adware.HotBar/ShopperReports (Low Risk)
HKLM\Software\Classes\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\Implemented Categories
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\InprocServer32
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\InprocServer32#ThreadingModel
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\ProgID
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\TypeLib
HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}\VersionIndependentProgID
HKCR\SmartShopper.HbInfoBand.1
HKCR\SmartShopper.HbInfoBand.1\CLSID
HKCR\SmartShopper.HbInfoBand
HKCR\SmartShopper.HbInfoBand\CLSID
HKCR\SmartShopper.HbInfoBand\CurVer
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\0
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\0\win32
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\FLAGS
HKCR\TypeLib\{CA295D63-514A-4ED0-9B5F-640890F2366B}\1.0\HELPDIR
C:\PROGRAM FILES\SMARTSHOPPER\BIN\2.5.0\SMRTSHPR.DLL
HKLM\Software\Classes\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\InprocServer32
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\InprocServer32#ThreadingModel
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\ProgID
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\TypeLib
HKCR\CLSID\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}\VersionIndependentProgID
HKCR\SmartShopper.SmrtShprCtl.1
HKCR\SmartShopper.SmrtShprCtl.1\CLSID
HKCR\SmartShopper.SmrtShprCtl
HKCR\SmartShopper.SmrtShprCtl\CLSID
HKCR\SmartShopper.SmrtShprCtl\CurVer
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}
HKU\S-1-5-21-1334249916-3024689584-3692128641-1006\Software\Microsoft\Internet Explorer\Explorer Bars\{137E6E5E-A205-4657-A49F-1AB865787089}
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\ProxyStubClsid
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\ProxyStubClsid32
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\TypeLib
HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}\TypeLib#Version

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32#InprocServer32
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32#ThreadingModel
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ProgID
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\Programmable
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\TypeLib
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\VersionIndependentProgID
HKCR\SearchSettings.BHO.1
HKCR\SearchSettings.BHO.1\CLSID
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO\CLSID
HKCR\SearchSettings.BHO\CurVer
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\0
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\0\win32
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\FLAGS
HKCR\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}\1.0\HELPDIR
C:\PROGRAM FILES\SEARCH SETTINGS\KB127\SEARCHSETTINGS.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}\ProxyStubClsid
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}\ProxyStubClsid32
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}\TypeLib
HKCR\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}\TypeLib#Version

Adware.Tracking Cookie
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@fastclick[3].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@interclick[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adopt.euroclick[3].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ads.react2media[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@atdmt[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@tribalfusion[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@www.burstnet[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@doubleclick[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adultfriendfinder[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@burstnet[3].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@advertising[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adserver.adtechus[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@questionmarket[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ad.zanox[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@apmebf[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@eas.apm.emediate[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ad.yieldmanager[3].txt
.richmedia.yahoo.com [ C:\Documents and Settings\Jerry\AppData\Roaming\Mozilla\Firefox\Pro files\pxejzy91.default\cookies.txt ]
.richmedia.yahoo.com [ C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\pxejzy91.default\coo kies.txt ]
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ad.yieldmanager[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ad.yieldmanager[3].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ad.zanox[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adopt.euroclick[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adopt.euroclick[3].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ads.react2media[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adserver.adtechus[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adultfriendfinder[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@advertising[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@apmebf[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@apmebf[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@atdmt[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@burstnet[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@burstnet[3].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@doubleclick[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@doubleclick[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@eas.apm.emediate[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@fastclick[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@fastclick[3].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@interclick[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@questionmarket[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@tribalfusion[2].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@www.burstnet[1].txt
C:\Documents and Settings\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@www.burstnet[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@ad.yie ldmanager[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@ad.yie ldmanager[3].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@ad.zan ox[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@adopt. euroclick[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@adopt. euroclick[3].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@ads.re act2media[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@adserv er.adtechus[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@adultf riendfinder[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@advert ising[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@apmebf[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@apmebf[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@atdmt[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@burstn et[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@burstn et[3].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@double click[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@double click[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@eas.ap m.emediate[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@fastcl ick[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@fastcl ick[3].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@interc lick[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@questi onmarket[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@tribal fusion[2].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@www.bu rstnet[1].txt
C:\Documents and Settings\test account\Application Data\Microsoft\Windows\Cookies\test_account@www.bu rstnet[2].txt
C:\Documents and Settings\test account\Cookies\test_account@ad.yieldmanager[1].txt
C:\Documents and Settings\test account\Cookies\test_account@ad.yieldmanager[3].txt
C:\Documents and Settings\test account\Cookies\test_account@ad.zanox[2].txt
C:\Documents and Settings\test account\Cookies\test_account@adopt.euroclick[2].txt
C:\Documents and Settings\test account\Cookies\test_account@adopt.euroclick[3].txt
C:\Documents and Settings\test account\Cookies\test_account@ads.react2media[1].txt
C:\Documents and Settings\test account\Cookies\test_account@adserver.adtechus[1].txt
C:\Documents and Settings\test account\Cookies\test_account@adultfriendfinder[1].txt
C:\Documents and Settings\test account\Cookies\test_account@advertising[1].txt
C:\Documents and Settings\test account\Cookies\test_account@apmebf[1].txt
C:\Documents and Settings\test account\Cookies\test_account@apmebf[2].txt
C:\Documents and Settings\test account\Cookies\test_account@atdmt[2].txt
C:\Documents and Settings\test account\Cookies\test_account@burstnet[2].txt
C:\Documents and Settings\test account\Cookies\test_account@burstnet[3].txt
C:\Documents and Settings\test account\Cookies\test_account@doubleclick[1].txt
C:\Documents and Settings\test account\Cookies\test_account@doubleclick[2].txt
C:\Documents and Settings\test account\Cookies\test_account@eas.apm.emediate[1].txt
C:\Documents and Settings\test account\Cookies\test_account@fastclick[1].txt
C:\Documents and Settings\test account\Cookies\test_account@fastclick[3].txt
C:\Documents and Settings\test account\Cookies\test_account@interclick[1].txt
C:\Documents and Settings\test account\Cookies\test_account@questionmarket[1].txt
C:\Documents and Settings\test account\Cookies\test_account@tribalfusion[2].txt
C:\Documents and Settings\test account\Cookies\test_account@www.burstnet[1].txt
C:\Documents and Settings\test account\Cookies\test_account@www.burstnet[2].txt
.richmedia.yahoo.com [ C:\Users\Jerry\AppData\Roaming\Mozilla\Firefox\Pro files\pxejzy91.default\cookies.txt ]
.richmedia.yahoo.com [ C:\Users\Jerry\Application Data\Mozilla\Firefox\Profiles\pxejzy91.default\coo kies.txt ]
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@ad.yieldmanager[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@adopt.euroclick[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@apmebf[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@burstnet[2].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@doubleclick[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@fastclick[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@tribalfusion[1].txt
C:\Users\test account\AppData\Roaming\Microsoft\Windows\Cookies\ test_account@www.burstnet[1].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@ad.yie ldmanager[1].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@adopt. euroclick[2].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@apmebf[1].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@burstn et[2].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@double click[1].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@fastcl ick[1].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@tribal fusion[1].txt
C:\Users\test account\Application Data\Microsoft\Windows\Cookies\test_account@www.bu rstnet[1].txt
C:\Users\test account\Cookies\test_account@ad.yieldmanager[1].txt
C:\Users\test account\Cookies\test_account@adopt.euroclick[2].txt
C:\Users\test account\Cookies\test_account@apmebf[1].txt
C:\Users\test account\Cookies\test_account@burstnet[2].txt
C:\Users\test account\Cookies\test_account@doubleclick[1].txt
C:\Users\test account\Cookies\test_account@fastclick[1].txt
C:\Users\test account\Cookies\test_account@tribalfusion[1].txt
C:\Users\test account\Cookies\test_account@www.burstnet[1].txt

Adware.MyWebSearch/FunWebProducts
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearch Service
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearch Service#Type
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearch Service#Start
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearch Service#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearch Service#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearch Service#ObjectName

Trojan.Malware
C:\DOCUMENTS AND SETTINGS\JERRY\DOCUMENTS\MY COMPLETED DOWNLOADS\ERRORNUKERINSTALLER.EXE
C:\DOCUMENTS AND SETTINGS\JERRY\MY DOCUMENTS\MY COMPLETED DOWNLOADS\ERRORNUKERINSTALLER.EXE
C:\USERS\JERRY\DOCUMENTS\MY COMPLETED DOWNLOADS\ERRORNUKERINSTALLER.EXE
C:\USERS\JERRY\MY DOCUMENTS\MY COMPLETED DOWNLOADS\ERRORNUKERINSTALLER.EXE

Adware.MyWebSearch-Installer
C:\DOCUMENTS AND SETTINGS\JERRY\DOCUMENTS\MY COMPLETED DOWNLOADS\MYFUNCARDSSETUP2.3.50.10.ZUFOX000.EXE
C:\DOCUMENTS AND SETTINGS\JERRY\MY DOCUMENTS\MY COMPLETED DOWNLOADS\MYFUNCARDSSETUP2.3.50.10.ZUFOX000.EXE
C:\USERS\JERRY\DOCUMENTS\MY COMPLETED DOWNLOADS\MYFUNCARDSSETUP2.3.50.10.ZUFOX000.EXE
C:\USERS\JERRY\MY DOCUMENTS\MY COMPLETED DOWNLOADS\MYFUNCARDSSETUP2.3.50.10.ZUFOX000.EXE

Unclassified.PC MightyMax
C:\DOCUMENTS AND SETTINGS\JERRY\DOCUMENTS\MY COMPLETED DOWNLOADS\PCMIGHTYMAXSETUP.EXE
C:\DOCUMENTS AND SETTINGS\JERRY\MY DOCUMENTS\MY COMPLETED DOWNLOADS\PCMIGHTYMAXSETUP.EXE
C:\USERS\JERRY\DOCUMENTS\MY COMPLETED DOWNLOADS\PCMIGHTYMAXSETUP.EXE
C:\USERS\JERRY\MY DOCUMENTS\MY COMPLETED DOWNLOADS\PCMIGHTYMAXSETUP.EXE

Adware.AdRotator/CPMSky
C:\WINDOWS\SYSTEM32\CPMSKY-UNINST.EXE
ghjak thisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:00 AM, on 10/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PhraseExpress\phraseexpress.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 2158 bytes

[evilfantasy]

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
• Please post the contents of both logs in the next reply.

[lazj]

Logfile of random's system information tool 1.04 (written by random/random)
Run by test account at 2008-10-14 08:21:02
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 6 GB (8%) free of 68 GB
Total RAM: 958 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:08 AM, on 10/14/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\DAP\DAP.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PhraseExpress\phraseexpress.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Users\test account\Documents\My Completed Downloads\RSIT.exe
C:\Program Files\trend micro\test account.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {cfa0cec7-199f-5527-85db-7c85624cac53} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vc log bows face] "C:\ProgramData\Rdr Balm Funk.2l27mb"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe /Q:A
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO
O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1334249916-3024689584-3692128641-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1334249916-3024689584-3692128641-1000\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify (User '?')
O4 - HKUS\S-1-5-21-1334249916-3024689584-3692128641-1000\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP (User '?')
O4 - HKUS\S-1-5-21-1334249916-3024689584-3692128641-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-1334249916-3024689584-3692128641-1000\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1334249916-3024689584-3692128641-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'admin')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Mediabee (MBXmlRpc) - Mediabee - C:\Program Files\Mediabee\src\py\dist\MediabeeService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Zumie Search Service - Zumie.com - C:\Program Files\Zumie\zumie.exe

--
End of file - 13657 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jerry.job
C:\Windows\tasks\SpeedOptimizer Startup.job
C:\Windows\tasks\User_Feed_Synchronization-{083146DB-8157-459E-A19D-B1E7E9E1C4F4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-07-23 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-08-03 5751624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{cfa0cec7-199f-5527-85db-7c85624cac53}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-08-03 5751624]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"vc log bows face"=C:\ProgramData\Rdr Balm Funk.2l27mb [2008-06-22 253968]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-04-16 985440]
"DXM6Patch_981116"=C:\Windows\p_981116.exe [1998-11-30 497376]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-25 51048]
"SpeedBitVideoAccelerator"=C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe [2008-07-27 2705008]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-07 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-07 8534560]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.d ll [2007-11-07 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"RCAutoLiveUpdate"=C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe [2008-05-30 865744]
"RCSystemTray"=C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe [2008-05-30 914896]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2002-02-01 98304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-09-15 3061248]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-08-03 160592]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
[]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PhraseExpress.lnk - C:\Program Files\PhraseExpress\phraseexpress.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-10-13 14:47:50 ----DC---- C:\Program Files\Lavasoft
2008-10-13 14:45:58 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-13 13:55:32 ----DC---- C:\rsit
2008-10-13 11:51:32 ----DC---- C:\ProgramData\WindowsSearch
2008-10-13 11:45:30 ----DC---- C:\Program Files\Trend Micro
2008-10-13 08:32:11 ----AC---- C:\Windows\system32\javaws.exe
2008-10-13 08:32:11 ----AC---- C:\Windows\system32\javaw.exe
2008-10-13 08:32:11 ----AC---- C:\Windows\system32\java.exe
2008-10-11 11:57:18 ----DC---- C:\ProgramData\SUPERAntiSpyware.com
2008-10-11 11:55:38 ----DC---- C:\Users\test account\AppData\Roaming\SUPERAntiSpyware.com
2008-10-11 09:44:35 ----AC---- C:\Windows\st_affiliate.ini
2008-10-09 17:46:39 ----DC---- C:\Users\test account\AppData\Roaming\Malwarebytes
2008-10-09 17:46:33 ----DC---- C:\ProgramData\Malwarebytes
2008-10-09 17:39:50 ----AC---- C:\delete.bat
2008-10-07 16:31:04 ----DC---- C:\Program Files\VistaCodecPack
2008-10-07 16:28:54 ----DC---- C:\ProgramData\VistaCodecs
2008-10-07 13:15:00 ----DC---- C:\Users\test account\AppData\Roaming\Uniblue
2008-10-06 12:05:38 ----DC---- C:\Users\test account\AppData\Roaming\AVS4YOU
2008-10-06 12:05:31 ----DC---- C:\ProgramData\AVS4YOU
2008-10-06 12:04:26 ----DC---- C:\Program Files\AVS4YOU
2008-10-06 11:58:35 ----DC---- C:\Users\test account\AppData\Roaming\NCH Swift Sound
2008-10-04 19:22:54 ----DC---- C:\Users\test account\AppData\Roaming\CyberLink
2008-10-03 01:01:32 ----DC---- C:\23ff9ae6f1ff235e97164ba9
2008-10-02 16:51:21 ----DC---- C:\Program Files\Broadcom
2008-10-02 16:51:21 ----AC---- C:\Windows\system32\bcmihvui.dll
2008-10-02 16:51:06 ----DC---- C:\Users\test account\AppData\Roaming\InstallShield
2008-10-02 16:07:03 ----DC---- C:\Program Files\Common Files\LightScribe
2008-10-02 09:24:28 ----DC---- C:\Program Files\Common Files\Apple
2008-10-02 09:24:16 ----DC---- C:\ProgramData\Apple Computer
2008-10-02 09:22:25 ----DC---- C:\Program Files\Apple Software Update
2008-10-01 19:11:36 ----ADC---- C:\ProgramData\TEMP
2008-10-01 15:29:34 ----DC---- C:\Program Files\Miraplacid Form Lite
2008-09-23 16:48:32 ----DC---- C:\Program Files\Zumie
2008-09-23 16:48:26 ----DC---- C:\Program Files\SmartShopper

======List of files/folders modified in the last 1 months======

2008-10-14 08:21:56 ----DC---- C:\Windows\Temp
2008-10-14 08:19:31 ----DC---- C:\Users\test account\AppData\Roaming\Skype
2008-10-14 08:17:13 ----DC---- C:\Program Files\mozilla firefox
2008-10-14 08:09:49 ----DC---- C:\Users\test account\AppData\Roaming\skypePM
2008-10-14 07:17:45 ----DC---- C:\Program Files\SpeedBit Video Accelerator
2008-10-14 07:16:27 ----DC---- C:\Windows\SMINST
2008-10-13 16:38:31 ----DC---- C:\Program Files\spybot - search & destroy
2008-10-13 16:31:50 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2008-10-13 14:49:27 ----SHDC---- C:\Windows\Installer
2008-10-13 14:49:27 ----DC---- C:\Windows
2008-10-13 14:47:50 ----RDC---- C:\Program Files
2008-10-13 14:47:50 ----DC---- C:\Windows\system32\drivers
2008-10-13 14:47:49 ----DC---- C:\Windows\System32
2008-10-13 14:47:16 ----SHD---- C:\System Volume Information
2008-10-13 14:45:58 ----DC---- C:\Program Files\Common Files
2008-10-13 14:08:08 ----DC---- C:\Windows\system32\Tasks
2008-10-13 12:13:34 ----DC---- C:\Program Files\Common Files\Symantec Shared
2008-10-13 11:51:32 ----HDC---- C:\ProgramData
2008-10-13 09:12:54 ----DC---- C:\Windows\system32\catroot2
2008-10-13 09:12:52 ----DC---- C:\Windows\tracing
2008-10-13 09:00:39 ----DC---- C:\Windows\Tasks
2008-10-13 08:48:47 ----DC---- C:\Program Files\Java
2008-10-13 08:01:22 ----DC---- C:\Windows\MaxSecureBackup
2008-10-13 07:54:06 ----SDC---- C:\Users\test account\AppData\Roaming\Microsoft
2008-10-12 13:04:12 ----DC---- C:\Downloads
2008-10-12 12:27:01 ----DC---- C:\Program Files\BitComet
2008-10-12 10:59:10 ----DC---- C:\Windows\Prefetch
2008-10-11 09:20:29 ----AC---- C:\Windows\win.ini
2008-10-10 11:25:18 ----DC---- C:\Windows\Debug
2008-10-10 11:18:19 ----DC---- C:\Program Files\Yahoo!
2008-10-09 17:58:37 ----AC---- C:\Users\test account\AppData\Roaming\burnaware.ini
2008-10-09 06:56:42 ----DC---- C:\Users\test account\AppData\Roaming\LimeWire
2008-10-08 07:41:29 ----DC---- C:\Users\test account\AppData\Roaming\Real
2008-10-07 07:24:38 ----DC---- C:\Program Files\Common Files\AVSMedia
2008-10-06 11:58:35 ----DC---- C:\ProgramData\NCH Swift Sound
2008-10-05 10:33:45 ----DC---- C:\Program Files\The Print Shop 20
2008-10-05 10:29:53 ----DC---- C:\Windows\inf
2008-10-05 10:29:53 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2008-10-04 19:43:49 ----DC---- C:\Users\test account\AppData\Roaming\Image Zone Express
2008-10-02 20:13:57 ----DC---- C:\Users\test account\AppData\Roaming\Hewlett-Packard
2008-10-02 20:11:45 ----HDC---- C:\System.sav
2008-10-02 20:11:25 ----DC---- C:\Program Files\Hewlett-Packard
2008-10-02 20:10:35 ----DC---- C:\SwSetup
2008-10-02 19:57:49 ----RSDC---- C:\Windows\Fonts
2008-10-02 17:28:36 ----DC---- C:\ProgramData\CyberLink
2008-10-02 17:26:34 ----DC---- C:\Program Files\Hp
2008-10-02 17:26:18 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-10-02 16:54:25 ----DC---- C:\Windows\system32\catroot
2008-10-02 16:51:02 ----AC---- C:\Windows\system32\bcmwlcoi.dll
2008-10-02 16:51:02 ----AC---- C:\Windows\system32\bcmihvsrv.dll
2008-10-02 15:53:15 ----DC---- C:\ProgramData\Hewlett-Packard
2008-10-02 09:24:48 ----DC---- C:\Program Files\QuickTime
2008-10-02 08:15:46 ----SHDC---- C:\boot
2008-10-02 08:15:46 ----DC---- C:\Windows\system32\config
2008-10-02 07:17:47 ----DC---- C:\ProgramData\NVIDIA
2008-10-01 15:01:46 ----DC---- C:\Users\test account\AppData\Roaming\Adobe
2008-10-01 14:54:48 ----DC---- C:\Users\test account\AppData\Roaming\Mozilla
2008-10-01 10:35:38 ----DC---- C:\Users\test account\AppData\Roaming\HP
2008-10-01 10:35:35 ----DC---- C:\Users\test account\AppData\Roaming\ArcSoft
2008-10-01 10:33:32 ----RDC---- C:\Users
2008-10-01 10:33:28 ----DC---- C:\ProgramData\WildTangent
2008-10-01 10:33:27 ----DC---- C:\ProgramData\Symantec
2008-10-01 10:33:24 ----DC---- C:\ProgramData\Roxio
2008-10-01 10:33:23 ----DC---- C:\ProgramData\NCH Software
2008-10-01 10:33:22 ----DC---- C:\ProgramData\Kodak
2008-10-01 10:33:22 ----DC---- C:\ProgramData\HP
2008-10-01 10:33:19 ----DC---- C:\ProgramData\Adobe
2008-10-01 10:33:19 ----DC---- C:\Program Files\Windows Media Player
2008-10-01 10:33:18 ----DC---- C:\Program Files\Winamp
2008-10-01 10:33:18 ----DC---- C:\Program Files\TweakNow RegCleaner Std
2008-10-01 10:33:10 ----DC---- C:\Program Files\MSN
2008-10-01 10:33:10 ----DC---- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-10-01 10:33:04 ----DC---- C:\Program Files\Google
2008-10-01 10:33:03 ----DC---- C:\Program Files\DAP
2008-10-01 10:33:02 ----DC---- C:\Program Files\Common Files\microsoft shared
2008-10-01 10:33:00 ----HDC---- C:\CanoScan
2008-10-01 10:33:00 ----DC---- C:\My Downloads
2008-10-01 10:33:00 ----DC---- C:\kgdemo
2008-10-01 08:58:24 ----DC---- C:\Program Files\microsoft money 2007
2008-09-28 08:01:26 ----DC---- C:\Program Files\Windows Mail
2008-09-22 07:22:48 ----DC---- C:\Program Files\LimeWire
2008-09-16 17:04:27 ----DC---- C:\Program Files\NCH Software
2008-09-16 17:04:21 ----DC---- C:\Users\test account\AppData\Roaming\NCH Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs \20081010.002\IDSvix86.sys [2008-09-12 270384]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-01-17 447024]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]
R2 elagopro;GoProto Protocol Driver for LELA; C:\Windows\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\Windows\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-08-26 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-02 1207288]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-07 99376]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\2008101 3.037\NAVENG.SYS [2008-08-25 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\2008101 3.037\NAVEX15.SYS [2008-08-25 873552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-07 8231584]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 12032]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-08-28 123952]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S2 sbbotdi;sbbotdi; C:\Windows\system32\drivers\sbbotdi.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-02 1207288]
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 DetectACNT;DetectACNT; \??\C:\Windows\system32\FinePointLib\DetectACNT.sy s [2002-11-21 51800]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-21 159232]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 LVBulk;LVBulk Service; C:\Windows\system32\DRIVERS\LVBulk.sys [2002-02-01 10261]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V); C:\Windows\system32\DRIVERS\LV551AV.sys [2002-02-01 220055]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\drivers\UIUSys.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 WinPhlash;WinPhlash; \??\C:\SwSetup\SP38173\SWinFlash\PHLASHNT.SYS [2006-09-06 31616]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-13 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 MBXmlRpc;Mediabee; C:\Program Files\Mediabee\src\py\dist\MediabeeService.exe [2006-07-21 19968]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-07-27 292472]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R2 Zumie Search Service;Zumie Search Service; C:\Program Files\Zumie\zumie.exe [2008-09-22 5120]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-07-23 1245064]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-07-12 69120]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

-----------------EOF-----------------

[evilfantasy]

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

----------

Create An Uninstall List

• Start HijackThis
• Click on the Open the Misc Tools section
• Click on the Open Uninstall Manager button.
• Click on the Save list button and specify where you would like to save this file and click Save.
  • When you press Save button a notepad will open with the contents of that file.
• Copy and paste that list in your reply.

----------

Next post add:
ComboFix log
Uninstall list

[lazj]

32 Bit HP CIO Components Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player 11
AI RoboForm (All Users)
AppCore
Broadcom 802.11 Wireless LAN Adapter
BurnAware Free Edition 1.3.1 beta
ccCommon
Component Framework
Conexant HD Audio
Download Accelerator Plus (DAP)
Drivers Install For Linksys Easylink Advisor
ESU for Microsoft Vista
Garmin WebUpdater
Google Toolbar for Firefox
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Active Support Library 32 bit components
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Solution Center 8.0
HP Update
HP User Guides 0041
HP Wireless Assistant
HPNetworkAssistant
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LightScribe System Software 1.10.19.1
LimeWire 4.18.8
Linksys EasyLink Advisor 1.6 (0032)
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Max Registry Cleaner
MDI2PDF 2.4
Mediabee
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Miraplacid Form 2.1 Lite
Mozilla Firefox (3.0.3)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MyIdentityDefender Toolbar
NCH Toolbox
NetWaiting
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton Security Scan
NVIDIA Drivers
PaperPort 8.0 SE
PhraseExpress v5.1.29
PopGun
QuickPlay SlingPlayer 0.4.6
QuickTime
Revo Uninstaller 1.75
Roxio Activation Module
Search Settings 1.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shockwave
Skype™ 3.8
SPBBC 32bit
SpeedBit Video Accelerator
Spybot - Search & Destroy
Switch Sound File Converter
Symantec Real Time Storage Protection Component
TextStat 3.0
The Print Shop 20
TiVo Desktop 2.6.1
TweakNow RegCleaner Standard
Vista Codec Package
Webcam 2200
Windows Media Player Firefox Plugin
WinZip
Yahoo! Toolbar

ComboFix 08-10-14.03 - test account 2008-10-14 17:50:11.1 - NTFSx86
Running from: C:\Users\test account\Documents\My Completed Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Zumie
C:\Program Files\Zumie\home.js
C:\Program Files\Zumie\readme.html
C:\Program Files\Zumie\uninstall.exe
C:\Program Files\Zumie\zopt.exe
C:\Program Files\Zumie\zumie.dll
C:\Program Files\Zumie\zumie.exe
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\78bd5595-8971-66a5-d696-163ed98fd6d4
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp1403.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp150C.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp2B05.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp499D.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp53CA.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp5BBC.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp5D99.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp619F.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp68FF.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp6E6C.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp712.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp7944.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp87B.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp8FF6.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp9AA9.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmp9FF6.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpA830.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpAA61.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpAEB1.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpB288.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpB723.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpC190.tmp
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Tem porary Internet Files\tmpEEDE.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games
-------\Service_Zumie Search Service


((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-14 08:55 . 2008-10-14 08:55 <DIR> d----c--- C:\Program Files\VS Revo Group
2008-10-13 13:55 . 2008-10-13 13:56 <DIR> d----c--- C:\rsit
2008-10-13 11:51 . 2008-10-13 11:51 <DIR> d----c--- C:\Users\All Users\WindowsSearch
2008-10-13 11:51 . 2008-10-13 11:51 <DIR> d----c--- C:\ProgramData\WindowsSearch
2008-10-11 11:57 . 2008-10-11 11:57 <DIR> d----c--- C:\Users\All Users\SUPERAntiSpyware.com
2008-10-11 11:57 . 2008-10-11 11:57 <DIR> d----c--- C:\ProgramData\SUPERAntiSpyware.com
2008-10-11 11:55 . 2008-10-11 11:55 <DIR> d----c--- C:\Users\test account\AppData\Roaming\SUPERAntiSpyware.com
2008-10-11 09:44 . 2008-10-11 09:44 75 --a--c--- C:\Windows\st_affiliate.ini
2008-10-09 17:46 . 2008-10-09 17:46 <DIR> d----c--- C:\Users\test account\AppData\Roaming\Malwarebytes
2008-10-09 17:46 . 2008-10-09 17:46 <DIR> d----c--- C:\Users\All Users\Malwarebytes
2008-10-09 17:46 . 2008-10-09 17:46 <DIR> d----c--- C:\ProgramData\Malwarebytes
2008-10-09 17:39 . 2008-10-09 17:39 106 --a--c--- C:\delete.bat
2008-10-07 16:31 . 2008-10-07 16:31 <DIR> d----c--- C:\Program Files\VistaCodecPack
2008-10-07 16:28 . 2008-10-07 16:28 <DIR> d----c--- C:\Users\All Users\VistaCodecs
2008-10-07 16:28 . 2008-10-07 16:28 <DIR> d----c--- C:\ProgramData\VistaCodecs
2008-10-07 13:15 . 2008-10-07 13:15 <DIR> d----c--- C:\Users\test account\AppData\Roaming\Uniblue
2008-10-06 12:05 . 2008-10-06 12:05 <DIR> d----c--- C:\Users\test account\AppData\Roaming\AVS4YOU
2008-10-06 12:05 . 2008-10-06 12:05 <DIR> d----c--- C:\Users\All Users\AVS4YOU
2008-10-06 12:05 . 2008-10-06 12:05 <DIR> d----c--- C:\ProgramData\AVS4YOU
2008-10-06 12:04 . 2008-10-07 07:24 <DIR> d----c--- C:\Program Files\AVS4YOU
2008-10-06 11:58 . 2008-10-06 11:58 <DIR> d----c--- C:\Users\test account\AppData\Roaming\NCH Swift Sound
2008-10-04 19:22 . 2008-10-04 19:22 <DIR> d----c--- C:\Users\test account\AppData\Roaming\CyberLink
2008-10-03 01:01 . 2008-10-03 01:01 <DIR> d----c--- C:\23ff9ae6f1ff235e97164ba9
2008-10-02 16:53 . 2008-10-02 16:52 873,152 --a--c--- C:\Windows\System32\oem10.inf
2008-10-02 16:51 . 2008-10-02 16:51 <DIR> d----c--- C:\Users\test account\AppData\Roaming\InstallShield
2008-10-02 16:51 . 2008-10-02 16:51 <DIR> d----c--- C:\Program Files\Broadcom
2008-10-02 16:51 . 2008-10-02 16:51 3,141,632 --a--c--- C:\Windows\System32\bcmihvui.dll
2008-10-02 16:51 . 2008-10-02 16:51 1,207,288 --a--c--- C:\Windows\System32\drivers\BCMWL6.SYS
2008-10-02 16:07 . 2008-10-02 16:07 <DIR> d----c--- C:\Program Files\Common Files\LightScribe
2008-10-02 09:24 . 2008-10-02 09:24 <DIR> d----c--- C:\Users\All Users\Apple Computer
2008-10-02 09:24 . 2008-10-02 09:24 <DIR> d----c--- C:\ProgramData\Apple Computer
2008-10-02 09:24 . 2008-10-02 09:24 <DIR> d----c--- C:\Program Files\Common Files\Apple
2008-10-01 19:11 . 2008-10-01 19:11 <DIR> dr---c--- C:\Users\Public\Videos
2008-10-01 19:11 . 2008-10-01 19:11 <DIR> dr---c--- C:\Users\Public\Pictures
2008-10-01 19:11 . 2008-10-14 09:45 <DIR> d-a--c--- C:\Users\All Users\TEMP
2008-10-01 19:11 . 2008-10-14 09:45 <DIR> d-a--c--- C:\ProgramData\TEMP
2008-10-01 15:29 . 2008-10-01 15:29 <DIR> d----c--- C:\Program Files\Miraplacid Form Lite
2008-10-01 15:29 . 2008-10-01 15:29 310 --a--c--- C:\Windows\System32\mformlite.cfg
2008-09-23 16:48 . 2008-09-23 16:48 <DIR> d----c--- C:\Program Files\SmartShopper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-10-14 22:06 --------- dc----w C:\Program Files\SpeedBit Video Accelerator
2008-10-14 21:49 --------- dc----w C:\Users\test account\AppData\Roaming\Skype
2008-10-14 20:06 --------- dc----w C:\Users\test account\AppData\Roaming\skypePM
2008-10-14 15:15 --------- dc----w C:\Program Files\Hp
2008-10-14 13:03 --------- dc----w C:\ProgramData\Lavasoft
2008-10-14 12:22 2,596 -c--a-w C:\Users\test account\AppData\Roaming\wklnhst.dat
2008-10-13 20:38 --------- dc----w C:\Program Files\spybot - search & destroy
2008-10-13 20:31 --------- dc----w C:\ProgramData\Spybot - Search & Destroy
2008-10-13 16:13 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-10-13 12:48 --------- dc----w C:\Program Files\Java
2008-10-10 15:18 --------- dc----w C:\Program Files\Yahoo!
2008-10-09 10:56 --------- dc----w C:\Users\test account\AppData\Roaming\LimeWire
2008-10-07 11:24 --------- dc----w C:\Program Files\Common Files\AVSMedia
2008-10-06 15:58 --------- dc----w C:\ProgramData\NCH Swift Sound
2008-10-05 14:33 --------- dc----w C:\Program Files\The Print Shop 20
2008-10-04 23:43 --------- dc----w C:\Users\test account\AppData\Roaming\Image Zone Express
2008-10-03 00:13 --------- dc----w C:\Users\test account\AppData\Roaming\Hewlett-Packard
2008-10-03 00:11 --------- dc----w C:\Program Files\Hewlett-Packard
2008-10-02 21:28 --------- dc----w C:\ProgramData\CyberLink
2008-10-02 21:26 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-10-02 20:51 87,328 -c--a-w C:\Windows\System32\bcmwlcoi.dll
2008-10-02 20:51 3,481,600 -c--a-w C:\Windows\System32\bcmihvsrv.dll
2008-10-02 19:53 --------- dc----w C:\ProgramData\Hewlett-Packard
2008-10-02 13:24 --------- dc----w C:\Program Files\QuickTime
2008-10-02 11:17 --------- dc----w C:\ProgramData\NVIDIA
2008-10-01 14:35 --------- dc----w C:\Users\test account\AppData\Roaming\HP
2008-10-01 14:35 --------- dc----w C:\Users\test account\AppData\Roaming\ArcSoft
2008-10-01 14:34 --------- dc----w C:\Users\Jerry\AppData\Roaming\Roxio
2008-10-01 14:34 --------- dc----w C:\Users\Jerry\AppData\Roaming\LimeWire
2008-10-01 14:34 --------- dc----w C:\Users\Jerry\AppData\Roaming\HP
2008-10-01 14:34 --------- dc----w C:\Users\Jerry\AppData\Roaming\Hewlett-Packard
2008-10-01 14:34 --------- dc----w C:\Users\Jerry\AppData\Roaming\ErrorSmart
2008-10-01 14:34 --------- dc----w C:\Users\Jerry\AppData\Roaming\Azureus
2008-10-01 14:33 --------- dc----w C:\ProgramData\WildTangent
2008-10-01 14:33 --------- dc----w C:\ProgramData\Symantec
2008-10-01 14:33 --------- dc----w C:\ProgramData\Roxio
2008-10-01 14:33 --------- dc----w C:\ProgramData\NCH Software
2008-10-01 14:33 --------- dc----w C:\ProgramData\Kodak
2008-10-01 14:33 --------- dc----w C:\ProgramData\HP
2008-10-01 14:33 --------- dc----w C:\Program Files\Winamp
2008-10-01 14:33 --------- dc----w C:\Program Files\TweakNow RegCleaner Std
2008-10-01 14:33 --------- dc----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-10-01 14:33 --------- dc----w C:\Program Files\Google
2008-10-01 14:33 --------- dc----w C:\Program Files\DAP
2008-10-01 12:58 --------- dc----w C:\Program Files\microsoft money 2007
2008-09-28 12:01 --------- dc----w C:\Program Files\Windows Mail
2008-09-22 11:22 --------- dc----w C:\Program Files\LimeWire
2008-09-16 21:04 --------- dc----w C:\Users\test account\AppData\Roaming\NCH Software
2008-09-16 21:04 --------- dc----w C:\Program Files\NCH Software
2008-09-10 12:22 --------- dc----w C:\Program Files\Logitech
2008-09-10 12:05 --------- dc----w C:\Program Files\Microsoft Works
2008-09-05 17:17 --------- dc----w C:\Program Files\Common Files\Roxio Shared
2008-09-05 17:09 --------- dc----w C:\Program Files\Roxio
2008-09-05 16:04 --------- dc----w C:\Program Files\Common Files\Real
2008-09-04 21:57 --------- dc----w C:\Program Files\Zeallsoft
2008-09-04 20:34 921,632 -c--a-w C:\PA7302.DAT
2008-09-04 13:31 --------- dc----w C:\Program Files\Skype
2008-09-04 13:30 --------- dc----w C:\ProgramData\Skype
2008-09-04 13:30 --------- dc----w C:\Program Files\Common Files\Skype
2008-09-03 21:22 --------- dc----w C:\Program Files\Web Publish
2008-09-03 21:18 --------- dc----w C:\Program Files\Free Audio Pack
2008-09-03 21:18 --------- dc----w C:\Program Files\Coupons
2008-09-02 15:17 --------- dc----w C:\Users\test account\AppData\Roaming\com.adobe.mauby.4875E02D9F B21EE389F73B8D1702B320485DF8CE.1
2008-09-02 15:12 --------- dc----w C:\Program Files\Common Files\Adobe
2008-08-31 17:04 --------- dc----w C:\Users\test account\AppData\Roaming\Roxio
2008-08-31 15:33 174 --sha-w C:\Program Files\desktop.ini
2008-08-31 15:18 --------- dc----w C:\Program Files\Windows Sidebar
2008-08-31 15:18 --------- dc----w C:\Program Files\Windows Photo Gallery
2008-08-31 15:18 --------- dc----w C:\Program Files\Windows Journal
2008-08-31 15:18 --------- dc----w C:\Program Files\Windows Calendar
2008-08-31 15:18 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-31 15:17 --------- dc----w C:\Program Files\Windows Defender
2008-08-31 14:38 82,432 -c--a-w C:\Windows\System32\axaltocm.dll
2008-08-31 14:38 101,888 -c--a-w C:\Windows\System32\ifxcardm.dll
2008-08-30 23:22 2,560 -c--a-w C:\Windows\_MSRSTRT.EXE
2008-08-30 12:00 --------- dc----w C:\ProgramData\PC Drivers HeadQuarters
2008-08-28 15:58 805 -c--a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-08-28 15:58 123,952 -c--a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-08-28 15:58 10,671 -c--a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-08-28 15:58 --------- dc----w C:\Program Files\Symantec
2008-08-27 10:44 --------- dc----w C:\ProgramData\SpeedBit
2008-08-22 16:06 --------- dc----w C:\Program Files\Common Files\InstallShield
2008-08-22 11:07 --------- dc----w C:\Users\test account\AppData\Roaming\Printer Info Cache
2008-08-22 10:08 878,592 ----a-w C:\Windows\System32\wininet.dll
2008-08-22 10:07 43,008 ----a-w C:\Windows\System32\licmgr10.dll
2008-08-22 10:07 18,944 ----a-w C:\Windows\System32\corpol.dll
2008-08-22 10:06 72,704 ----a-w C:\Windows\System32\admparse.dll
2008-08-22 10:06 71,680 ----a-w C:\Windows\System32\iesetup.dll
2008-08-22 10:06 66,560 ----a-w C:\Windows\System32\wextract.exe
2008-08-22 10:06 129,024 ----a-w C:\Windows\System32\ieUnatt.exe
2008-08-22 10:06 110,080 ----a-w C:\Windows\System32\PDMSetup.exe
2008-08-22 10:06 103,936 ----a-w C:\Windows\System32\SetDepNx.exe
2008-08-22 10:06 103,424 ----a-w C:\Windows\System32\SetIEInstalledDate.exe
2008-08-22 10:05 35,840 ----a-w C:\Windows\System32\imgutil.dll
2008-08-22 10:05 168,960 ----a-w C:\Windows\System32\iexpress.exe
2008-08-22 10:04 48,640 ----a-w C:\Windows\System32\PrivacIE.dll
2008-08-22 10:04 48,128 ----a-w C:\Windows\System32\mshtmler.dll
2008-08-22 10:04 45,568 ----a-w C:\Windows\System32\mshta.exe
2008-08-22 09:57 156,160 ----a-w C:\Windows\System32\msls31.dll
2008-08-20 16:01 --------- dc-h--w C:\Users\test account\AppData\Roaming\Gtek
2008-01-10 21:15 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
2008-01-10 21:15 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-10 21:15 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
2007-08-25 11:40 22 -csha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-15 3061248]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-03 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"vc log bows face"="C:\ProgramData\Rdr Balm Funk.2l27mb" [X]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 985440]
"DXM6Patch_981116"="C:\Windows\p_981116.exe" [1998-11-30 497376]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 51048]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-07-27 2705008]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-11-07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RCAutoLiveUpdate"="C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe" [2008-05-30 865744]
"RCSystemTray"="C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" [2008-05-30 914896]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-02-01 98304]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
PhraseExpress.lnk - C:\Program Files\PhraseExpress\phraseexpress.exe [2008-06-15 3049064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"msacm.divxa32"= divxa32.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{8B1EFD3F-0865-45BE-ADA7-CCCC619B71D8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EB80D87-88A9-4C82-90C4-9AEF4D208859}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8EA3AED1-C1B5-4A18-AB62-8AE628E1498A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A3B5310-9011-4130-A7F0-4C3C4AC56CFC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9BD6E2B5-F7BE-491E-ADE1-21667DCE93D9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0200F0-E972-4675-9D7D-F12481964368}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ADE15D3D-D0CC-41D3-A211-07F709F240BF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A9251460-71C1-4F7D-B46F-8D2B3391E92E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{357B5EBD-4989-47C5-BF9C-28C0E9E7B924}"= UDP:C:\Program Files\PhraseExpress\phraseexpress.exe:PhraseExpres s
"{D975942A-FC2C-4607-A1D6-EFA46866AB7F}"= TCP:C:\Program Files\PhraseExpress\phraseexpress.exe:PhraseExpres s
"{9711707E-E6E5-4A7D-AF05-1294EE4A2202}"= Disabled:UDP:E:\setup\HPZNUI01.EXE:hpznui01.exe
"{E98846AF-9AC4-4B6F-826A-79648B55CF5B}"= Disabled:TCP:E:\setup\HPZNUI01.EXE:hpznui01.exe
"{3CD907B4-4E05-43BB-ACBB-A376EB51A72D}"= UDP:22486:BitComet 22486 TCP
"{69E0484E-34B6-42A0-AE1C-239711EFF93C}"= TCP:22486:BitComet 22486 UDP
"{BEB49AC1-E10F-4D08-8BE6-4C6A36A97726}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{11712C75-C948-430B-85BD-503B72780CE1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{754E5717-BE14-4DDE-9BC3-B16350776909}"= UDP:22486:BitComet 22486 TCP
"{A6BC1D3D-9047-43EF-9CD4-C8CDC8938644}"= TCP:22486:BitComet 22486 UDP
"{5E1FA3B2-A283-4D9D-9FDE-A75E8A26259D}"= Disabled:UDP:C:\Users\Jerry\AppData\Local\Temp\7zS FCC5.tmp\setup\HPZnui01.exe:hpznui01.exe
"{0336C00A-F059-404A-8899-BED1E0CCA1F6}"= Disabled:TCP:C:\Users\Jerry\AppData\Local\Temp\7zS FCC5.tmp\setup\HPZnui01.exe:hpznui01.exe
"{80822BD2-789F-4C8F-A6AC-E7B9144C4C80}"= Disabled:UDP:C:\Users\Jerry\AppData\Local\Temp\7zS 1B3D.tmp\setup\HPZnui01.exe:hpznui01.exe
"{D20CFDCE-1258-429C-A6BC-596F62E79A33}"= Disabled:TCP:C:\Users\Jerry\AppData\Local\Temp\7zS 1B3D.tmp\setup\HPZnui01.exe:hpznui01.exe
"TCP Query User{77381D1C-1B58-4BC5-B9E0-EE73DDFCA01E}C:\\program files\\dap\\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"UDP Query User{A7925F12-4FBA-4AD0-AE1C-7D5E8DE5EE7B}C:\\program files\\dap\\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
"{8857BA07-5BC0-42F1-81C0-A7110F01D4E8}"= Disabled:UDP:C:\Users\Jerry\AppData\Local\Temp\7zS 39C7.tmp\setup\HPZnui01.exe:hpznui01.exe
"{E9F06B63-6EBE-47E1-90B7-529A424210DD}"= Disabled:TCP:C:\Users\Jerry\AppData\Local\Temp\7zS 39C7.tmp\setup\HPZnui01.exe:hpznui01.exe
"{B12D6F13-5D4A-4A02-8B30-AC4C45DBF021}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{180E21B0-9BD8-4B81-8251-EC4C4A8B1255}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DA12B740-9313-4890-A63A-5DB4BEE6FCBF}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6FE6167B-6221-4AA2-9A18-7222CEC278C0}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{16A03729-FE09-4063-B04C-8ADF061F527D}"= Disabled:UDP:E:\setup\HPZnui01.exe:hpznui01.exe
"{5A9EDE39-AA77-4148-9EE0-5D1A995561AD}"= Disabled:TCP:E:\setup\HPZnui01.exe:hpznui01.exe
"{8D8D1FD5-D5CF-45D7-BE54-309CA748A723}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B3786ACC-1085-47BD-9B22-5675F89CEB25}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{50D4F203-2792-46D6-A777-EFE32B713580}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{63178041-5ECB-4051-9FFF-B356EBCBC544}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E691DA0E-C53C-4A3E-8498-F0620A2092E7}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{AE97CF54-AEA8-481C-B6EA-3E316F7FFED6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E5F2DA32-E9B1-4CE0-B9B3-E4E2CC2D733A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{1C839A55-434D-452F-80E6-2237343688D6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{76168940-79B6-49D7-8442-7F5B607D7835}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{B99E6521-978D-489D-827F-88AD49E1FF3F}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{7E5B3C20-F078-4E4E-8761-81E7D32D1B6A}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{AB8245D8-837B-43EB-AC40-E819830CE82D}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{A2A6C97A-334C-4FD6-9B9B-2C35F4BFB63B}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{79EE914A-D6F9-4BAD-AB27-477FDFF3176A}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{2859DE36-57A2-4639-B2A5-73D54384B354}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{77A0CF9D-E290-4350-81CA-4B3B26FA6BDE}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{7B36CBD2-CC94-4FFB-A4A4-E4BB5B5CB08A}"= UDP:C:\Program Files\TiVo\Desktop\curl.exe:TiVo Curl Service
"{DE58D39A-AFAA-4E29-8C5A-1F74B4105583}"= TCP:C:\Program Files\TiVo\Desktop\curl.exe:TiVo Curl Service
"{015649E7-4FC0-4F1A-A7A1-4F4AD5FC18D0}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{09767AB7-353B-45AA-9B99-C6A43A8AFAAB}"= Disabled:UDP:7288:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7288
"{4B2ED509-1255-4BFA-B9B9-51B6DAD0C7D9}"= Disabled:UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{45C44B3F-A22E-4B57-A75B-8962818413FD}"= Disabled:UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{AC961F9B-D69E-4E50-98E6-B72A6CFD311B}"= Disabled:UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{0CCCDD01-A15A-469E-837D-F2FAAD48A90E}"= Disabled:UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{EAA2F0EB-EE9D-43EF-AAB1-AAEBF90BDA37}"= Disabled:UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{F7C67091-11EB-47A0-A374-B770AE8127B3}"= Disabled:UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{083A2C51-6994-4DF7-9D3F-390014DDBADB}"= Disabled:UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{84FD886D-4BDE-4B6B-A386-9552DB9DB784}"= Disabled:UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{DC4B0C98-7464-4996-88D6-9A60C2486BD2}"= Disabled:UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{4F0F4737-7D21-43C5-96B5-2DAD0339678E}"= UDP:C:\Program Files\PhraseExpress\phraseexpress.exe:PhraseExpres s
"{39B32B4F-CB72-4527-9E6E-928FE3EF43F4}"= TCP:C:\Program Files\PhraseExpress\phraseexpress.exe:PhraseExpres s
"{64DC6A9E-3D07-4548-92C3-6B8B079DB431}"= UDP:C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{DE24D65E-E6B4-49CA-9A64-855E42BD1951}"= TCP:C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{93750568-649A-4A05-93A9-C4F020A0185D}"= UDP:C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAccele ratorService
"{72A1F977-D253-414D-BAF9-307483503626}"= TCP:C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAccele ratorService
"{E1407D2F-C1E6-4DA1-91FE-B0E5C6C6BEEF}"= UDP:86:BroadCam Web Server
"{B42BE5E5-41A0-4DFC-9681-2E189AF37D83}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B980C619-D275-47CC-B132-17FEC8B47C51}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsd efs\20081010.002\IDSvix86.sys [2008-09-12 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
R2 MBXmlRpc;Mediabee;C:\Program Files\Mediabee\src\py\dist\MediabeeService.exe [2006-07-21 19968]
R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
R2 VideoAcceleratorService;VideoAcceleratorService;C: \PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-07-27 292472]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMN DISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mo n.sys [2008-07-30 23888]
S3 DetectACNT;DetectACNT;C:\Windows\system32\FinePoin tLib\DetectACNT.sys [2002-11-21 51800]
S3 LVBulk;LVBulk Service;C:\Windows\system32\DRIVERS\LVBulk.sys [2002-02-01 10261]
S3 PAC7302;PAC7302 VGA USB Camera;C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\Windows\system32\DRIVERS\LV551A V.sys [2002-02-01 220055]
S3 WinPhlash;WinPhlash;C:\SwSetup\SP38173\SWinFlash\P HLASHNT.SYS [2006-09-06 31616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
rsmsvcs REG_MULTI_SZ ntmssvc

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-07-23 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Jerry.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 10:05]

2008-10-14 C:\Windows\Tasks\SpeedOptimizer Startup.job
- c:\progra~1\speedo~1\SPO.exe []

2008-10-14 C:\Windows\Tasks\User_Feed_Synchronization-{083146DB-8157-459E-A19D-B1E7E9E1C4F4}.job
- C:\Windows\system32\msfeedssync.exe [2008-08-22 06:05]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{cfa0cec7-199f-5527-85db-7c85624cac53} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\test account\AppData\Roaming\Mozilla\Firefox\Profiles\n 2a7ctdl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.d ll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug. dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 18:05:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> p:\Windows\system32\msi.dll
-> p:\Windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediabee\src\py\dist\mediabee.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\RacAgent.exe
.
************************************************** ************************
.
Completion time: 2008-10-14 18:20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 22:19:50

Pre-Run: 5,890,793,472 bytes free
Post-Run: 5,796,491,264 bytes free

419 --- E O F --- 2008-10-11 10:57:45

[evilfantasy]

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
• Place a check next to Remove Useless JRE Files and click Go
• Exit JavaRa
• Delete the JavaRa files from the Desktop

----------

Go to Add or Remove Programs and uninstall these programs:

Max Registry Cleaner
PhraseExpress v5.1.29
Search Settings 1.2
SpeedBit Video Accelerator

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:

KillAll::

Driver::
Boonty Games
Zumie Search Service

Folder::
C:\Users\All Users\WindowsSearch
C:\ProgramData\WindowsSearch
C:\Program Files\SmartShopper
C:\Program Files\PhraseExpress

File::
C:\Windows\st_affiliate.ini
C:\delete.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk 

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vc log bows face"=-
"SearchSettings"=-
"SpeedBitVideoAccelerator"=-
"RCAutoLiveUpdate"=-
"RCSystemTray"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze