Full Version: Please Help - Hijack Log
staticnoise
Logfile of HijackThis v1.99.1
Scan saved at 12:31:16 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Aruba Wireless Networks\ArubaService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\nfsclnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LANDesk\LDCLient\xddclient.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\PSXRUN.EXE
C:\WINDOWS\system32\psxss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\SFU\usr\sbin\zzInterix
C:\SFU\usr\sbin\init
C:\SFU\usr\sbin\inetd
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\jhollett\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\system32\xxywwxy.dll
O2 - BHO: (no name) - {D86C6259-49E7-4D41-B51E-0DBE86F72F36} - C:\WINDOWS\system32\pmnlk.dll
O2 - BHO: Avaya Web Dialer - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Agent\WebDialer.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [e4436bc5] rundll32.exe "C:\WINDOWS\system32\mklcqybl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com
O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: xxywwxy - C:\WINDOWS\SYSTEM32\xxywwxy.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

HJThis
Hello.staticnoise & Welcome

Please run an update with Ad-Aware, then run a Full System scan and upload its log-file. I also need you to remove/uninstall the version of Hijack-This you have now and install this one here. After doing so, run a scan and post the Hijack-This log-file.

Download HJTInstall.exe to your Desktop.

Double-click HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Save the log to a convenient location as you'll need to post it soon.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Gogo
staticnoise

Thank you for responding so fast. I have attached both the adaware log (adaware_log.txt) and the hijackthis log (hijackthis.log).

Thank you again for your help.
HJThis
Hey.staticnoise

Please post the Hijack-This log-file so I may have a look at it. I have a hard time seeing them as Attachments.

Gogo
staticnoise
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:44 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Aruba Wireless Networks\ArubaService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\nfsclnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\QosServM.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LANDesk\LDCLient\xddclient.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\PSXRUN.EXE
C:\WINDOWS\system32\psxss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\SFU\usr\sbin\init
C:\SFU\usr\sbin\zzInterix
C:\SFU\usr\sbin\inetd
C:\WINDOWS\explorer.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com
O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 10948 bytes
HJThis
Hi.staticnoise

It looks like you disabled some items from running using Msconfig?

Open Notepad and copy and paste the following text into it:

regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
type peek1.txt >> startup.txt
type peek2.txt >> startup.txt
del peek*.txt
start notepad startup.txt


Save this as look.bat, choose to save as *all files and place it on your desktop.
This is how the batch must look after you created it: Click to view attachment
Doubleclick on look.bat and post the contents of it in your next reply together with a new hijackthislog.


Gogo
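
The look.bat procedure in the post above dumps the startup items that MSConfig has disabled, which never show up in a HijackThis O4 section. As an added example (not part of the original thread and not the helper's code), this Python script parses that kind of regedit export and flags entries whose command launches from a Temp or user-profile directory; the sample export, the entry names in it and the two triage heuristics are assumptions made for illustration.

```python
import re

MSCONFIG_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"

# Constructed sample in the layout "regedit /e" writes for the two MSConfig
# subkeys the batch file exports. All entry names and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExampleUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updater"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Example Vendor\\updater.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExampleTemp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="exampletmp"
"hkey"="HKCU"
"command"="\"C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\exampletmp.exe\""
"inimapping"="0"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Example.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Example.lnk"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\EXAMPL~1\\example.exe "
"item"="Example"
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Heuristics only: a match is a reason to inspect the file, not a verdict.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\|%te?mp%", re.I)
PROFILE_RE = re.compile(r"^[a-z]:\\(?:documents and settings|docume~1|users)\\", re.I)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|,|$)", re.I)


def unescape(text):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_export(text):
    """Return one dict per disabled startup entry found under the MSConfig key."""
    entries, current = [], None
    prefix = (MSCONFIG_ROOT + "\\").lower()
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = None
            key = section.group(1)
            if key.lower().startswith(prefix):
                source, _, name = key[len(prefix):].partition("\\")
                if name:  # skip the bare startupreg / startupfolder container keys
                    current = {"source": source, "name": name, "values": {}}
                    entries.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current["values"][unescape(value.group(1))] = unescape(value.group(2))
    return entries


def executable_of(command):
    """Extract the program path from a Run-style command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else command.split(" ")[0]


def triage(entries):
    """Attach the launch path, the place MSConfig would restore to, and any flags."""
    findings = []
    for entry in entries:
        values = entry["values"]
        exe = executable_of(values.get("command", ""))
        reasons = []
        if TEMP_RE.search(exe):
            reasons.append("launches from a Temp directory")
        elif PROFILE_RE.search(exe):
            reasons.append("launches from a user profile directory")
        if entry["source"] == "startupreg":
            restores_to = values.get("hkey", "?") + "\\" + values.get("key", "?")
        else:
            restores_to = values.get("location", "?")
        findings.append({"name": entry["name"], "source": entry["source"],
                         "restores_to": restores_to, "executable": exe,
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_export(SAMPLE_EXPORT)):
        flag = "REVIEW" if f["reasons"] else "ok    "
        print(flag, f["name"], "->", f["executable"], "|", "; ".join(f["reasons"]))
```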
staticnoise
Thank you again for your help. I have listed both the startup.txt and the new hijacklog below.

Thank you

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------



-------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Panda Security\\Panda Antivirus 2008\\APVXDWIN.EXE\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWAMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NI.UGA6P_0001_N122M2210]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winvsnet"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\jhollett\\LOCALS~1\\Temp\\winvsnet.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QlbCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SnagIt 7.lnk"
"backup"="C:\\WINDOWS\\pss\\SnagIt 7.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TECHSM~1\\SNAGIT~1\\SnagIt32.exe "
"item"="SnagIt 7"

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------



-------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:57 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Aruba Wireless Networks\ArubaService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\nfsclnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LANDesk\LDCLient\xddclient.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\PSXRUN.EXE
C:\WINDOWS\system32\psxss.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\SFU\usr\sbin\zzInterix
C:\SFU\usr\sbin\init
C:\SFU\usr\sbin\inetd
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Pidgin\pidgin.exe
C:\DOCUME~1\jhollett\LOCALS~1\Temp\60exhmunml35dl.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com
O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12004 bytes

HJThis
Hi, staticnoise

Please clean out your temp files.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===========================

Download ComboFix from Here or Here to your Desktop.

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Gogo
staticnoise
ComboFix 07-12-12.3 - jhollett 2007-12-11 16:38:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1252 [GMT -8:00]
Running from: C:\Documents and Settings\jhollett\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\bkR11
C:\WINDOWS\system32\gfdfqtqn.dll
C:\WINDOWS\system32\jjlrvrdg.dll
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\lbyqclkm.ini
C:\WINDOWS\system32\mklcqybl.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\qvdfjjcy.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.

2007-12-11 13:25 . 2007-12-11 13:25 <DIR> d-------- C:\VundoFix Backups
2007-12-10 16:04 . 2007-12-10 16:04 <DIR> d-------- C:\Deckard
2007-12-10 15:00 . 2007-11-28 13:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-10 12:40 . 2007-12-10 12:40 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Tenebril
2007-12-10 12:39 . 2007-12-10 12:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-10 12:38 . 2007-12-10 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-12-10 12:37 . 2007-12-10 12:37 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-12-10 12:37 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-07 16:28 . 2007-12-07 16:28 39,936 --a------ C:\WINDOWS\system32\xxywwxy.dll.vir
2007-12-06 09:21 . 2007-12-06 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 09:10 . 2007-12-06 09:10 <DIR> d-------- C:\Program Files\Sygate
2007-12-06 09:10 . 2006-07-12 11:19 81,080 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-12-06 09:10 . 2006-07-12 10:59 61,520 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-06 09:10 . 2006-07-12 11:02 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-12-05 15:21 . 2007-12-05 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-05 15:20 . 2007-12-06 09:03 <DIR> d-------- C:\Program Files\Panda Security
2007-12-05 15:20 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-12-05 12:20 . 2007-12-05 12:20 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-05 12:20 . 2007-12-05 12:20 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-05 12:11 . 2007-12-07 16:28 <DIR> d-------- C:\WINDOWS\system32\daSgo01
2007-12-05 11:59 . 2007-12-05 12:01 <DIR> d-------- C:\Program Files\SlimServer
2007-12-05 10:01 . 2007-12-05 10:01 <DIR> d-------- C:\Program Files\AnalogX
2007-12-05 07:56 . 2007-12-05 07:56 <DIR> d-------- C:\Program Files\YIT
2007-12-04 13:59 . 2007-12-04 13:59 32,768 --a------ C:\WINDOWS\system\smvss.exe
2007-12-04 08:38 . 2007-12-04 08:38 <DIR> d-------- C:\Dell
2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Songbird1
2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2007-12-03 16:19 . 2007-12-11 13:31 <DIR> d-------- C:\Program Files\Synergy
2007-12-03 15:57 . 2007-12-03 15:59 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\uTorrent
2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Thunderbird
2007-11-30 13:55 . 2007-12-05 12:37 <DIR> d-------- C:\Program Files\FileZilla Client
2007-11-28 13:06 . 2007-12-10 16:05 <DIR> d-------- C:\Documents and Settings\jhollett\.housecall6.6
2007-11-27 14:55 . 2007-11-27 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2007-11-27 14:53 . 2007-11-27 14:53 <DIR> d-------- C:\Program Files\TechSmith
2007-11-27 14:53 . 2007-12-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 08:10 . 2007-11-27 08:10 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-11-26 12:37 . 2007-11-26 12:37 0 --a------ C:\WINDOWS\system32\(null)id.tmp
2007-11-17 00:48 . 2007-11-17 00:48 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Apple Computer
2007-11-15 08:03 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-15 08:03 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-15 08:03 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-15 08:03 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-15 08:03 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-15 08:03 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-15 08:03 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-15 08:03 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-15 08:03 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 14:56 . 2007-11-14 14:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-11-13 13:20 . 2007-12-06 15:43 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\FileZilla
2007-11-12 16:43 . 2007-11-12 16:43 <DIR> d-------- C:\WINDOWS\cluster
2007-11-12 16:43 . 2007-11-12 16:43 <DIR> d-------- C:\Program Files\CMAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 00:41 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-12 00:31 --------- d-----w C:\Documents and Settings\jhollett\Application Data\.purple
2007-12-11 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\vulScan
2007-12-11 20:03 --------- d-----w C:\Program Files\Connected
2007-12-05 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 20:42 --------- d-----w C:\Program Files\WinSCP3
2007-12-05 20:41 --------- d-----w C:\Program Files\UltraMon
2007-12-05 20:41 --------- d-----w C:\Program Files\Pidgin
2007-12-05 20:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 20:36 --------- d-----w C:\Program Files\Aruba Wireless Networks
2007-12-04 00:37 --------- d-----w C:\Program Files\Yahoo! Inc
2007-11-20 22:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-13 16:17 --------- d-----w C:\Program Files\Yahoo!
2007-11-13 16:02 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Yahoo!
2007-11-13 16:01 --------- d-----w C:\Program Files\FileZilla
2007-11-12 21:53 --------- d-----w C:\Documents and Settings\jhollett\Application Data\DameWare Development
2007-11-10 08:35 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\uTorrent
2007-11-10 08:27 --------- d-----w C:\Program Files\uTorrent
2007-11-10 08:25 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\Realtime Soft
2007-11-10 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Realtime Soft
2007-11-09 19:09 --------- d-----w C:\Program Files\Google
2007-11-09 19:05 --------- d-----w C:\Program Files\Common Files\Data Dynamics
2007-11-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-09 19:04 --------- d-----w C:\Program Files\LANDesk
2007-11-09 17:18 --------- d-----w C:\Program Files\DameWare Development
2007-11-08 19:36 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2007-11-08 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2007-11-08 17:14 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Realtime Soft
2007-11-08 00:07 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Winamp
2007-11-07 16:43 --------- d-----w C:\Program Files\Winamp
2007-11-06 22:31 --------- d-----w C:\Program Files\Common Files\GTK
2007-11-06 18:59 --------- d-----w C:\Program Files\Java
2007-11-06 17:47 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Avaya
2007-11-05 20:05 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Instantbird
2007-11-05 19:32 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Winamp
2007-11-05 18:22 --------- d-----w C:\Program Files\Avaya
2007-11-05 18:22 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Avaya
2007-11-05 17:41 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Thunderbird
2007-11-05 16:11 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-11-05 16:11 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-11-05 16:11 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-11-05 16:11 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-11-05 16:11 20 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-11-05 16:11 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-11-05 16:11 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-11-05 16:11 1,133 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 20:50]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 20:50]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 20:50]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 16:47]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 10:24]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 10:22]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 09:33]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 19:51]
"IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [2006-12-04 06:38]
"SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 07:06]
"pwreset"="C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-10-25 11:17]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27]
"devenv"="C:\WINDOWS\system\smvss.exe" [2007-12-04 13:59]
"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2006-07-12 11:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwxy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\ds\NETLOGON\gpo-scripts\GPOAddAdmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]
C:\DOCUME~1\jhollett\LOCALS~1\Temp\winvsnet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 15:36 872448 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00 192512 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##is-landesk#ldmain]
\Shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Snv-na-fs1#Anne]
\Shell\AutoRun\command - Z:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601d89d1-92ce-11dc-ad74-001a6bb9b52b}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671c6ac2-452e-11dc-b2ed-806d6172696f}]
\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 16:43:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 16:45:19 - machine was rebooted
.
2007-11-26 20:01:52 --- E O F ---
HJThis
Hi, staticnoise

Next

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

QUOTE
File::
C:\WINDOWS\system32\xxywwxy.dll.vir
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico

Folder::
C:\WINDOWS\system32\daSgo01

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]


Save this as CFScript.txt, in the same location as ComboFix.exe

Click to view attachment

Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it will produce a log for you at "C:\ComboFix.txt"


Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Then come back here with both the HijackThis log and ComboFix.txt


Gogo
staticnoise
Thanks again


ComboFix 07-12-12.3 - jhollett 2007-12-12 16:07:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1208 [GMT -8:00]
Running from: C:\Documents and Settings\jhollett\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\jhollett\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\xxywwxy.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\daSgo01
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\xxywwxy.dll.vir

.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-12 08:37 . 2007-12-12 16:08 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-12-12 06:55 . 2007-12-12 06:55 90,112 --a------ C:\WINDOWS\system32\WOEM_3_2awoem.tmp
2007-12-11 13:25 . 2007-12-11 13:25 <DIR> d-------- C:\VundoFix Backups
2007-12-10 16:04 . 2007-12-10 16:04 <DIR> d-------- C:\Deckard
2007-12-10 15:00 . 2007-11-28 13:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-10 12:40 . 2007-12-10 12:40 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Tenebril
2007-12-10 12:39 . 2007-12-10 12:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-10 12:38 . 2007-12-10 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-12-10 12:37 . 2007-12-10 12:37 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-12-10 12:37 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-06 09:21 . 2007-12-06 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-06 09:10 . 2007-12-06 09:10 <DIR> d-------- C:\Program Files\Sygate
2007-12-06 09:10 . 2006-07-12 11:19 81,080 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-12-06 09:10 . 2006-07-12 10:59 61,520 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-06 09:10 . 2006-07-12 11:02 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-12-05 15:21 . 2007-12-05 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-12-05 15:20 . 2007-12-06 09:03 <DIR> d-------- C:\Program Files\Panda Security
2007-12-05 15:20 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-12-05 11:59 . 2007-12-05 12:01 <DIR> d-------- C:\Program Files\SlimServer
2007-12-05 10:01 . 2007-12-05 10:01 <DIR> d-------- C:\Program Files\AnalogX
2007-12-05 07:56 . 2007-12-05 07:56 <DIR> d-------- C:\Program Files\YIT
2007-12-04 13:59 . 2007-12-04 13:59 32,768 --a------ C:\WINDOWS\system\smvss.exe
2007-12-04 08:38 . 2007-12-04 08:38 <DIR> d-------- C:\Dell
2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Songbird1
2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2007-12-03 16:19 . 2007-12-11 13:31 <DIR> d-------- C:\Program Files\Synergy
2007-12-03 15:57 . 2007-12-12 09:46 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\uTorrent
2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Thunderbird
2007-11-30 13:55 . 2007-12-05 12:37 <DIR> d-------- C:\Program Files\FileZilla Client
2007-11-28 13:06 . 2007-12-10 16:05 <DIR> d-------- C:\Documents and Settings\jhollett\.housecall6.6
2007-11-27 14:55 . 2007-11-27 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith
2007-11-27 14:53 . 2007-11-27 14:53 <DIR> d-------- C:\Program Files\TechSmith
2007-11-27 14:53 . 2007-12-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-27 08:10 . 2007-11-27 08:10 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2007-11-26 12:37 . 2007-11-26 12:37 0 --a------ C:\WINDOWS\system32\(null)id.tmp
2007-11-17 00:48 . 2007-11-17 00:48 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Apple Computer
2007-11-15 08:03 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-15 08:03 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-15 08:03 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-15 08:03 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-15 08:03 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-15 08:03 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-15 08:03 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-15 08:03 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-15 08:03 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 14:56 . 2007-11-14 14:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-11-13 13:20 . 2007-12-06 15:43 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\FileZilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 00:04 --------- d-----w C:\Documents and Settings\jhollett\Application Data\.purple
2007-12-12 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\vulScan
2007-12-12 20:02 --------- d-----w C:\Program Files\Connected
2007-12-12 14:55 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-05 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 20:42 --------- d-----w C:\Program Files\WinSCP3
2007-12-05 20:41 --------- d-----w C:\Program Files\UltraMon
2007-12-05 20:41 --------- d-----w C:\Program Files\Pidgin
2007-12-05 20:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-05 20:36 --------- d-----w C:\Program Files\Aruba Wireless Networks
2007-12-04 00:37 --------- d-----w C:\Program Files\Yahoo! Inc
2007-11-20 22:41 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-13 16:17 --------- d-----w C:\Program Files\Yahoo!
2007-11-13 16:02 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Yahoo!
2007-11-13 16:01 --------- d-----w C:\Program Files\FileZilla
2007-11-13 00:43 --------- d-----w C:\Program Files\CMAK
2007-11-12 21:53 --------- d-----w C:\Documents and Settings\jhollett\Application Data\DameWare Development
2007-11-10 08:35 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\uTorrent
2007-11-10 08:27 --------- d-----w C:\Program Files\uTorrent
2007-11-10 08:25 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\Realtime Soft
2007-11-10 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Realtime Soft
2007-11-09 19:09 --------- d-----w C:\Program Files\Google
2007-11-09 19:05 --------- d-----w C:\Program Files\Common Files\Data Dynamics
2007-11-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-11-09 19:04 --------- d-----w C:\Program Files\LANDesk
2007-11-09 17:18 --------- d-----w C:\Program Files\DameWare Development
2007-11-08 19:36 --------- d-----w C:\Program Files\Common Files\Realtime Soft
2007-11-08 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft
2007-11-08 17:14 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Realtime Soft
2007-11-08 00:07 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Winamp
2007-11-07 16:43 --------- d-----w C:\Program Files\Winamp
2007-11-06 23:27 48,456 ----a-w C:\WINDOWS\system32\UninstallElectricSheep.exe
2007-11-06 22:31 --------- d-----w C:\Program Files\Common Files\GTK
2007-11-06 18:59 --------- d-----w C:\Program Files\Java
2007-11-06 17:47 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Avaya
2007-11-05 20:05 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Instantbird
2007-11-05 19:32 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Winamp
2007-11-05 18:22 --------- d-----w C:\Program Files\Avaya
2007-11-05 18:22 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Avaya
2007-11-05 17:41 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Thunderbird
2007-11-05 16:11 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-11-05 16:11 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-11-05 16:11 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-11-05 16:11 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-11-05 16:11 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-11-05 16:11 20 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2007-11-05 16:11 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-11-05 16:11 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-11-05 16:11 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-11-05 16:11 1,133 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
.

((((((((((((((((((((((((((((( snapshot@2007-12-11_16.44.17.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 22:25:15 71,370 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-12 15:04:04 71,370 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-11 22:25:15 439,832 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-12 15:04:04 439,832 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 20:50]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 20:50]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 20:50]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 16:47]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 10:24]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 10:22]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 09:33]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 19:51]
"IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [2006-12-04 06:38]
"SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 07:06]
"pwreset"="C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-10-25 11:17]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27]
"devenv"="C:\WINDOWS\system\smvss.exe" [2007-12-04 13:59]
"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2006-07-12 11:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\ds\NETLOGON\gpo-scripts\GPOAddAdmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk
backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 15:36 872448 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 10:00 192512 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

R2 Aruba VPN Service;Aruba VPN Service;C:\Program Files\Aruba Wireless Networks\ArubaService.exe
R2 atchksrv;Intel® Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe
R2 CBA8;LANDesk® Management Agent;"C:\Program Files\LANDesk\Shared Files\residentagent.exe"
R2 Client for NFS;Client for NFS;C:\WINDOWS\system32\nfsclnt.exe
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe
R2 LDXDD;LANDesk® Extended device discovery service;"C:\Program Files\LANDesk\LDCLient\xddclient.exe"
R2 LMS;Intel® Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys
R2 Softmon;LANDesk® Software Monitoring Service;"C:\Program Files\LANDesk\LDCLient\softmon.exe"
R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
R2 UNS;Intel® Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe
R2 zzInterix;Interix Subsystem Startup;C:\WINDOWS\system32\PSXRUN.EXE
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys
R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
R3 NfsRdr;NfsRdr;\??\C:\WINDOWS\system32\drivers\nfsrdr.sys
R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
R3 Portmap;Portmap;\??\C:\WINDOWS\system32\drivers\portmap.sys
R3 PsxDrv;PsxDrv;\??\C:\WINDOWS\system32\drivers\PSXDRV.SYS
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys
R3 RpcXdr;RpcXdr;\??\C:\WINDOWS\system32\drivers\rpcxdr.sys
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);C:\WINDOWS\system32\drivers\WOEM_3_2a.sys
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE
S4 CronService;Windows Cron Service;C:\SFU\common\cron.exe
S4 Mapsvc;User Name Mapping;C:\SFU\Mapper\mapsvc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##is-landesk#ldmain]
\Shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Snv-na-fs1#Anne]
\Shell\AutoRun\command - Z:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601d89d1-92ce-11dc-ad74-001a6bb9b52b}]
\Shell\AutoRun\command - E:\Autorun.exe /run
\Shell\Shell00\Command - E:\Autorun.exe /run
\Shell\Shell01\Command - E:\Autorun.exe /action
\Shell\Shell02\Command - E:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671c6ac2-452e-11dc-b2ed-806d6172696f}]
\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe

*Newly Created Service* - IPFILTERDRIVER
*Newly Created Service* - PGFILTER
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 16:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 16:09:08
C:\ComboFix2.txt ... 2007-12-11 16:45
.
2007-11-26 20:01:52 --- E O F ---

----------------------------------------------------------


----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17, on 2007-12-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Aruba Wireless Networks\ArubaService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\nfsclnt.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\QosServM.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LANDesk\LDCLient\xddclient.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\PSXRUN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\psxss.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\SFU\usr\sbin\zzInterix
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\SFU\usr\sbin\init
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\SFU\usr\sbin\inetd
C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LANDesk\LDCLient\LDIScn32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Avaya Web Dialer - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Agent\WebDialer.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com
O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe
O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 11799 bytes
HJThis
Hi, staticnoise

Please do this, as I just want to make sure about something here.

Please submit the following files for analysis.

Jotti File Submission:

* Please go to Jotti's malware scan
* Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

* C:\WINDOWS\system32\archlib.dll

* Click on the submit button
* Please post the results in your next reply.

Please note that if you are submitting more than one file they will have to be entered one at a time.


=========================

Please come back here with the scan results. Also, may I have some feedback: how is the PC going, any better now?


Gogo
staticnoise
Thank you so much for your help. My machine is running a lot better now.

Thank you!



File: archlib.dll
Status: OK
MD5: b2cfe0aa4d83f78887d348fc39b57434
Packers detected: -
Bit9 reports: No threat detected

Scanner results
Scan taken on 13 Dec 2007 15:40:19 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
HJThis
Hey, staticnoise

Sorry about the delay here. Now, how is the PC doing, better or the same? Give me feedback here.

Gogo
staticnoise
PC is doing a lot better. Thank you so much for your help.

Jay
HJThis
Hey, staticnoise

Then let's do some cleaning up here.

Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u. It needs to be there.

The above procedure will:

* Delete the following:
  o ComboFix and its associated files and folders.
  o VundoFix backups, if present
  o The C:\Deckard folder, if present
  o The C:\_OtMoveIt folder, if present
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

===========================

Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

---------------------

Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

===========================

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

===========================

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
   a. Change the Download signed ActiveX controls to Prompt
   b. Change the Download unsigned ActiveX controls to Disable
   c. Change the Initialize and script ActiveX controls not marked as safe to Disable
   d. Change the Installation of desktop items to Prompt
   e. Change the Launching programs and files in an IFRAME to Prompt
   f. Change the Navigate sub-frames across different domains to Prompt
   g. When all these settings have been made, click on the OK button.
   h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

===========================

Please report back to me any problems you may or may not have had.

Gogo