God_Is_The_Light
Re: Spyware has infected my computer and I need help to remove it.
Thu Apr 17 2008 01:01 AM
Hi Brian. Well, here is the latest information after following your instructions in your last reply. Once ComboFix stated that it was rebooting the system / please wait..., it was stuck there for almost half an hour, so I rebooted the system manually. After Windows restarted, I got the new ComboFix log and generated a new HijackThis log. (QUESTION: When I dragged the CFScript doc into ComboFix, was it supposed to start running? Because your instructions stated I was to restart the computer after the drag and drop.) Then I downloaded Malwarebytes. I ran Malware like you said, and while it was running I got one popup stating "SYSTEM INTEGRITY SCAN WIZARD", and it said warning, computer may have errors in Windows registry and file system. It gave me the option to click Next or Cancel. I cancelled it and clicked OK when asked if I was sure I wanted to exit setup. So after Malware finished scanning, it discovered 34 infected objects. All were checked, and when I selected "Remove" it started to remove and instantly the computer rebooted itself. When Windows restarted, a Microsoft Windows message appeared saying the system recovered from a serious error and asked if I wanted to send an error report to Microsoft.
I clicked the view button in the message box and it stated the following:
Error signature BCCode:5 BCP1 : 82080278 BCP2 : 823C8A00 BCP3 : 00000001 BCP4 : 81FE6C18 OSVer:5_1_2600 SP:2_0 Product: 256_1
I reviewed the technical info about the error report and it stated the following files would be included in the report:
C:\DOCUME~1\WILLIA~1.HUD\LOCALS~1\Temp\WERa6c7.dir00\Mini041608-02.dmp
C:\DOCUME~1\WILLIA~1.HUD\LOCALS~1\Temp\WERa6c7.dir00\sysdata.xml
So I ran Malware again and the same thing happened, and both times when the system restarted there was no Malware log created. So here are the logs from ComboFix and HijackThis. Let me know what you think. Thanks Brian.
=======================================================
ComboFix 08-04-14.2 - William A. Hudson 2008-04-16 15:11:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.316 [GMT -7:00]
Running from: C:\Documents and Settings\William A. Hudson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\William A. Hudson\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\William A. Hudson\DesktopTrojan.Win32.BlackBird.PIF
C:\WINDOWS\.prj
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\hookdllX.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\nslbvxpgtkn.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\lwrkjolo.exe
C:\WINDOWS\system32\rjyltlvp.dll
C:\WINDOWS\system32\rsmjacyj.dll
C:\WINDOWS\system32\sloxafkp.exe
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\.prj
C:\WINDOWS\dsktbwfe.dll
C:\WINDOWS\hookdllX.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\nslbvxpgtkn.dll
C:\WINDOWS\ogxtsepr.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\sgoblxtm.dll
C:\WINDOWS\spnkfwad.exe
C:\WINDOWS\system32\lwrkjolo.exe
C:\WINDOWS\system32\rjyltlvp.dll
C:\WINDOWS\system32\rsmjacyj.dll
C:\WINDOWS\system32\sloxafkp.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-16 04:29 . 2008-04-16 04:29 102,400 --a------ C:\WINDOWS\system32\tazwhyjk.exe
2008-04-16 03:20 . 2008-03-21 13:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-04-16 03:20 . 2008-03-21 13:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-04-15 18:55 . 2008-04-15 18:58 <DIR> d-------- C:\Program Files\Neomesh Image Converter
2008-04-15 18:45 . 2008-04-15 18:48 206 --a------ C:\WINDOWS\converter.INI
2008-04-15 18:43 . 2008-04-15 18:43 <DIR> d-------- C:\WINDOWS\Wallpaper
2008-04-15 10:38 . 2008-04-15 10:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-15 09:38 . 2008-04-15 09:38 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-14 16:11 . 2008-04-14 16:13 <DIR> d-------- C:\Program Files\Defender Pro
2008-04-14 12:59 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk8
2008-04-14 04:12 . 2008-04-15 13:13 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\TmpRecentIcons
2008-04-14 03:47 . 2008-04-14 03:47 37 --a------ C:\WINDOWS\omniASsdk.dat
2008-04-14 03:46 . 2008-04-14 03:46 <DIR> d-------- C:\WINDOWS\AntiSpy
2008-04-14 03:13 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk7
2008-04-14 03:08 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk6
2008-04-14 03:04 . 1998-06-16 16:45 77,878 --a------ C:\WINDOWS\system32\msvcirt.dll.bk5
2008-04-14 02:57 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk4
2008-04-14 02:54 . 2004-08-04 05:00 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll.bk3
2008-04-14 02:53 . 1998-06-16 16:45 77,878 --a------ C:\WINDOWS\system32\msvcirt.dll.bk2
2008-04-14 02:37 . 2008-04-14 02:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ehsfahad
2008-04-14 02:21 . 2008-04-15 18:51 <DIR> d-------- C:\Program Files\ImageConverter Plus
2008-04-13 21:30 . 2008-04-16 04:23 <DIR> d----c--- C:\VideoFiles
2008-04-13 21:18 . 2008-04-13 21:18 <DIR> d-------- C:\Program Files\AliveMedia
2008-04-13 21:18 . 2002-05-23 20:40 110,080 --a------ C:\WINDOWS\system32\nLame.dll
2008-04-13 21:18 . 2001-06-23 21:20 23,040 --a------ C:\WINDOWS\system32\auth.dll
2008-04-13 21:12 . 2008-04-16 11:19 <DIR> d----c--- C:\DVDMovie
2008-04-13 21:06 . 2008-04-13 21:21 67 --a------ C:\WINDOWS\AoADVDRipper.INI
2008-04-13 21:05 . 2008-04-13 21:05 3,082 --a------ C:\WINDOWS\system32\affv9553p6now.sys
2008-04-13 20:51 . 2008-04-13 20:51 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\dvdcss
2008-04-13 20:28 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\WINASPI.DLL
2008-04-13 20:28 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\WOWPOST.EXE
2008-04-13 19:34 . 2008-04-13 19:45 <DIR> d----c--- C:\iSofterOutput
2008-04-13 19:31 . 2008-04-13 19:31 <DIR> d-------- C:\Program Files\iSofter
2008-04-13 19:31 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2008-04-10 06:28 . 2008-04-11 11:35 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-04-10 06:28 . 2008-04-14 03:02 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\Audacity
2008-04-09 23:38 . 2008-04-09 23:38 <DIR> d-------- C:\Program Files\MyPodcast Recorder
2008-04-09 18:23 . 2008-04-16 01:50 <DIR> d-------- C:\Program Files\Audacity
2008-04-09 00:05 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-08 23:55 . 2008-04-08 23:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-08 16:21 . 2008-04-08 16:21 66 --a------ C:\WINDOWS\system32\IPCROTIDE.SYS
2008-04-08 16:20 . 2008-04-08 16:21 79 --a------ C:\WINDOWS\iPC.ini
2008-04-08 11:16 . 2008-04-16 01:51 <DIR> d-------- C:\Program Files\PageBreeze
2008-04-08 11:16 . 2005-01-24 12:39 503,808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll
2008-04-08 11:16 . 1998-06-24 00:00 203,576 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-04-08 11:16 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-04-08 11:16 . 1999-05-15 00:24 97,280 --a------ C:\WINDOWS\system32\vspell32.ocx
2008-04-08 11:16 . 1998-11-18 11:40 89,600 --a------ C:\WINDOWS\system32\Leocx32.ocx
2008-04-08 11:16 . 1998-11-22 14:23 84,992 --a------ C:\WINDOWS\system32\Ledit32.dll
2008-04-08 11:16 . 1997-02-24 17:44 70,656 --a------ C:\WINDOWS\system32\vspell32.dll
2008-04-06 16:19 . 2008-04-14 18:30 <DIR> d-------- C:\Program Files\Celtx
2008-04-06 16:19 . 2008-04-06 16:19 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\Greyfirst
2008-04-01 20:04 . 2008-04-01 20:04 <DIR> d-------- C:\Program Files\Lexmark_7100 Series
2008-04-01 20:03 . 2008-04-01 20:11 11,916 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-04-01 20:01 . 2005-01-20 10:36 1,478 -ra------ C:\WINDOWS\system32\lxbx.loc
2008-04-01 20:00 . 2004-11-09 07:27 65,536 --a------ C:\WINDOWS\system32\lxbxcfg.dll
2008-04-01 19:50 . 2008-04-01 19:50 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Application Data\7100Series
2008-04-01 19:43 . 2008-04-01 19:43 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\WINDOWS
2008-04-01 19:35 . 2008-04-01 20:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\7100Series
2008-04-01 19:34 . 2008-04-01 20:11 <DIR> d-------- C:\Program Files\Lexmark 7100 Series
2008-04-01 13:51 . 2008-04-05 17:34 <DIR> d----c--- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-04-01 13:51 . 2008-04-13 21:21 <DIR> d----c--- C:\Temp
2008-03-31 17:09 . 2008-03-31 17:09 <DIR> d-------- C:\WINDOWS\system32\New Folder
2008-03-31 17:02 . 2004-08-04 05:00 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2008-03-31 17:02 . 2004-08-04 05:00 138,752 --a--c--- C:\WINDOWS\system32\dllcache\sndvol32.exe
2008-03-31 14:25 . 2008-03-31 14:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25 . 2008-03-31 14:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 14:25 . 2008-03-31 14:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 14:25 . 2008-03-31 14:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 14:25 . 2008-03-31 14:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 14:25 . 2008-03-31 14:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 00:39 . 2008-03-31 00:39 <DIR> d-------- C:\Program Files\detest5
2008-03-31 00:39 . 2002-12-30 00:39 114 --------- C:\WINDOWS\de04ch5.dat
2008-03-30 15:52 . 2008-03-30 15:52 <DIR> d-------- C:\WINDOWS\Sun
2008-03-30 15:50 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-30 15:49 . 2008-03-30 15:50 <DIR> d-------- C:\Program Files\Java
2008-03-27 02:28 . 2008-03-27 02:28 <DIR> d----c--- C:\Documents and Settings\William A. Hudson\Profiles
2008-03-24 12:45 . 2008-03-24 12:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-03-21 13:30 . 2008-03-21 13:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 13:30 . 2008-03-21 13:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-03-21 13:30 . 2008-03-21 13:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-03-21 13:30 . 2008-03-21 13:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-03-21 13:30 . 2008-03-21 13:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 11:28 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 10:43 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\DivX
2008-04-16 10:20 --------- d-----w C:\Program Files\DivX
2008-04-16 09:22 --------- d-----w C:\Program Files\Common Files\Real
2008-04-16 09:03 --------- d-----w C:\Program Files\Yahoo!
2008-04-16 09:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\YAHOO
2008-04-14 02:22 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Apple Computer
2008-04-14 02:20 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:02 --------- d-----w C:\Program Files\Lx_cats
2008-04-02 03:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 00:16 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2008-03-23 23:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-03-15 17:29 --------- d-----w C:\Program Files\Google
2008-03-14 20:14 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Amazon
2008-03-14 20:11 --------- d-----w C:\Program Files\Amazon
2008-03-14 18:28 --------- dc----w C:\Documents and Settings\Administrator\Application Data\7100Series
2008-03-14 18:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
2008-03-14 18:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-03-14 18:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-03-14 18:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 18:22 --------- d-----w C:\Program Files\EPSON
2008-03-14 18:21 --------- d-----w C:\Program Files\OfficeUpdate11
2008-03-13 04:39 --------- d-----w C:\Program Files\Unlocker
2008-03-10 18:50 --------- d-----w C:\Program Files\iTunes
2008-03-10 18:49 --------- d-----w C:\Program Files\iPod
2008-03-10 18:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-03-10 18:48 --------- d-----w C:\Program Files\Bonjour
2008-03-10 18:45 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-10 18:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-03-08 11:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-07 02:27 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Desktopicon
2008-03-07 00:04 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\Media Player Classic
2008-03-06 23:35 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-06 23:25 --------- d-----w C:\Program Files\Decoder
2008-03-06 23:14 --------- d-----w C:\Program Files\AVSMedia
2008-03-06 01:04 --------- dc----w C:\Documents and Settings\William A. Hudson\Application Data\MySpace
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-12 04:13 92,064 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmmdm.sys
2007-08-12 04:13 9,232 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmmdfl.sys
2007-08-12 04:13 79,328 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmserd.sys
2007-08-12 04:13 66,656 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmbus.sys
2007-08-12 04:13 6,208 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmcmnt.sys
2007-08-12 04:13 5,936 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmwhnt.sys
2007-08-12 04:13 4,048 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\mqdmcr.sys
2007-08-12 04:13 25,600 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\usbsermptxp.sys
2007-08-12 04:13 22,768 -c--a-w C:\Documents and Settings\Administrator.LIBERTY-F82BA2D\usbsermpt.sys
2005-12-15 19:03 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2000-01-01 08:39 271 --sh--w C:\Program Files\desktop.ini
2000-01-01 08:39 21,952 ---ha-w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((( snapshot@2008-04-15_18.17.52.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 01:05:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 22:28:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-08-14 01:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-02-12 23:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-07-11 19:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-08-14 01:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-08-14 01:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-08-14 01:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\updspapi.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2008-04-16 02:21:02 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
- 2007-08-14 01:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2003-06-25 16:45:42 208,896 ------w C:\WINDOWS\system32\cnvshell.dll
+ 2008-03-21 20:28:20 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
- 2007-08-14 01:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-14 01:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-14 01:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-14 01:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-14 01:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-14 00:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-14 01:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-14 01:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-14 01:43:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-14 01:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-14 01:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-02 01:36:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-14 01:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-14 01:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-14 01:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-14 01:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-14 01:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-14 01:44:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-14 01:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-14 01:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-14 01:54:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-14 01:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-11-30 07:28:24 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
- 2007-02-06 22:06:32 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2008-03-21 20:28:50 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2008-03-21 20:28:52 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
- 2007-02-06 22:06:32 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2008-03-21 20:28:50 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2008-03-21 20:28:50 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
- 2007-02-06 22:06:32 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
+ 2008-03-21 20:28:50 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
- 2007-02-06 22:06:32 200,704 ----a-w C:\WINDOWS\system32\dtu100.dll
+ 2008-03-21 20:28:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-14 01:36:26 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-14 01:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-14 01:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-14 00:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 23:10:12 2,451,312 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 19:27:48 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-14 01:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-14 01:54:10 6,049,280 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 01:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-14 01:34:04 266,752 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-14 01:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-08-14 01:54:10 458,752 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-14 01:54:10 50,688 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-02 01:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-14 01:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-21 20:30:04 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2008-03-21 20:30:06 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2008-03-21 20:30:04 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2007-08-14 01:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-14 01:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-14 01:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-14 14:09 171448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"qhopxoqs"="C:\WINDOWS\system32\tazwhyjk.exe" [2008-04-16 04:29 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 22:10 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-10 11:40 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"LXBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 08:08 69632]
"lxbxmon.exe"="C:\Program Files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 02:43 196608]
"FaxCenterServer4_in_1"="C:\Program Files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 11:53 286720]
"EzPrint"="C:\Program Files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 06:24 61440]
"Sound Card Driver"="C:\My Games\LIBERTY-F82BA2D\svchost.exe" [ ]
"LaunchAntiSpy"="C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 1.9.118.lnk - C:\Program Files\OpenOffice.org 1.9.118\program\quickstart.exe [2005-06-21 21:39:12 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUmjj]
efcDUmjj.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 atirage;atirage;C:\WINDOWS\system32\DRIVERS\atiragem.sys [2001-08-17 05:48]
R3 GigNIC;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card;C:\WINDOWS\system32\DRIVERS\GigNIC.sys [2004-03-19 18:21]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 06:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Setup.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 02:21:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-16 09:11:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-16 18:39:34 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5E604979-BAC1-4C79-A317-3DFE3269BA83}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 15:29:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-16 15:36:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 22:35:51
ComboFix2.txt 2008-04-16 01:20:16

Pre-Run: 3,034,460,160 bytes free
Post-Run: 3,435,372,544 bytes free
.
2008-04-16 10:02:37 --- E O F ---
===============================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:47 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tazwhyjk.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [Sound Card Driver] C:\My Games\LIBERTY-F82BA2D\svchost.exe
O4 - HKLM\..\Run: [LaunchAntiSpy] C:\Program Files\DefenderPro AntiSpy\TSAntiSpy.exe /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qhopxoqs] C:\WINDOWS\system32\tazwhyjk.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1204853167340
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/...ows-i586-jc.cab
O20 - Winlogon Notify: efcDUmjj - efcDUmjj.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
-- End of file - 6418 bytes