aitomau
new user
Reg'd: Wed
Posts: 10
Re: can't access control panel, my computer and folders on start menu
Thu Jun 05 2008 12:19 AM
Hi there Bricat,
Thanks for the help. Below you'll find the ComboFix file followed by the HJT file. Please let me know what to do next. Is it safe to do a system restore?
Cheers
ComboFix 08-06-03.4 - patrick walker 2008-06-05 9:46:02.2 - NTFSx86
Running from: C:\Documents and Settings\patrick walker\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_IPRIP
-------\Legacy_NETWORK_MONITOR
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))) .
2008-06-04 23:05 . 2008-06-04 23:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-04 22:19 . 2008-06-04 22:49 <DIR> d-------- C:\fixwareout
2008-06-04 21:22 . 2008-06-04 21:22 5,460 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-06-04 17:49 . 2008-06-04 17:49 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\TmpRecentIcons
2008-06-04 17:23 . 2008-06-04 17:23 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\Flock
2008-06-04 17:11 . 2008-06-05 07:47 <DIR> d-------- C:\Program Files\Flock
2008-06-04 16:18 . 2008-06-03 23:52 163,840 --a------ C:\WINDOWS\esbq.exe
2008-06-04 13:20 . 2008-06-04 13:20 <DIR> d-------- C:\Program Files\Xenu
2008-05-31 14:23 . 2008-05-31 14:23 <DIR> d-------- C:\Program Files\The Learning Company
2008-05-31 14:23 . 2002-05-08 21:09 274,432 --a------ C:\WINDOWS\TLCUninstall.exe
2008-05-31 14:21 . 2008-05-31 14:21 0 --a------ C:\WINDOWS\SETUP32.INI
2008-05-30 14:17 . 2008-05-30 14:17 <DIR> d-------- C:\Program Files\Notepad++
2008-05-30 14:17 . 2008-05-30 14:19 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\Notepad++
2008-05-29 18:24 . 2008-05-29 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-29 18:24 . 2008-05-29 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-29 18:23 . 2008-05-29 18:23 <DIR> d-------- C:\Program Files\Logitech
2008-05-27 19:41 . 2008-05-27 19:41 51,355 --a------ C:\WINDOWS\SYSTEM32\muzika.xm
2008-05-27 09:30 . 2008-05-28 17:41 <DIR> d-------- C:\Downloads
2008-05-27 09:30 . 2008-05-27 09:40 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\GetRightToGo
2008-05-25 13:54 . 2008-05-25 13:54 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-05-25 13:52 . 2008-05-25 14:02 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-05-24 13:35 . 2008-05-24 13:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-05-24 13:01 . 2008-05-24 13:01 <DIR> d-------- C:\Documents and Settings\patrick walker\System
2008-05-24 11:35 . 2008-05-24 11:41 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\SmartDraw
2008-05-24 11:27 . 2008-05-24 11:35 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-05-24 02:04 . 2008-05-28 16:31 <DIR> d-------- C:\Program Files\MagicISO
2008-05-22 16:08 . 2008-05-22 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-22 14:40 . 2008-05-22 14:40 <DIR> d-------- C:\Program Files\uTorrent
2008-05-22 14:40 . 2008-05-28 20:27 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\uTorrent
2008-05-16 19:32 . 2005-03-17 17:44 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Sonic
2008-05-16 19:32 . 2008-05-28 16:33 <DIR> d-------- C:\Documents and Settings\Guest
2008-05-16 09:17 . 2008-05-16 09:17 <DIR> d-------- C:\Program Files\Google Video
2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Program Files\TechSmith
2008-05-13 18:16 . 2008-05-13 18:16 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-12 12:47 . 2008-05-12 12:47 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-05-12 12:45 . 2002-07-17 09:06 999,424 --a------ C:\WINDOWS\SYSTEM32\SPR32X30.ocx
2008-05-12 12:45 . 2002-07-17 09:06 737,280 --a------ C:\WINDOWS\SYSTEM32\spr32d30.dll
2008-05-12 12:45 . 2003-10-03 05:27 17,986 --a------ C:\WINDOWS\SYSTEM32\Smartvsd.vxd
2008-05-12 12:18 . 2008-05-12 12:52 <DIR> d-------- C:\WINDOWS\Intuit
2008-05-09 08:25 . 2008-05-09 08:25 <DIR> d-------- C:\Program Files\PayPal Payment Request Wizard
2008-05-06 08:46 . 2008-05-06 12:41 <DIR> d-------- C:\Program Files\SpeedPPC Campaign Builder
2008-05-05 17:05 . 2008-05-05 17:05 <DIR> d-------- C:\Program Files\Programmer's Notepad
2008-05-05 17:05 . 2008-05-05 17:05 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\Echo Software
2008-05-05 11:00 . 2008-05-05 11:00 <DIR> d-------- C:\Documents and Settings\patrick walker\Application Data\Flickr
2008-05-05 10:58 . 2008-06-03 11:11 <DIR> d-------- C:\Program Files\Flickr Uploadr
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 08:49 --------- d-----w C:\Program Files\ContextAdvisor
2008-05-29 06:24 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-29 06:22 --------- d-----w C:\Program Files\Labtec
2008-05-28 04:31 --------- d-----w C:\Documents and Settings\patrick walker\Application Data\BitTorrent
2008-05-28 04:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-26 22:18 --------- d-----w C:\Program Files\Security Task Manager
2008-05-26 22:18 --------- d-----w C:\Program Files\Nvu
2008-05-26 22:18 --------- d-----w C:\Documents and Settings\patrick walker\Application Data\MP3Rocket
2008-05-26 22:18 --------- d-----w C:\Documents and Settings\patrick walker\Application Data\LimeWire
2008-05-26 22:18 --------- d-----w C:\Documents and Settings\patrick walker\Application Data\IBP
2008-05-26 21:40 --------- d-----w C:\Program Files\G-Lock Software
2008-05-24 01:35 --------- d-----w C:\Program Files\Common Files\Real
2008-05-22 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-22 21:27 --------- d-----w C:\Program Files\Intuit
2008-05-12 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-05-12 00:50 --------- d-----w C:\Program Files\Common Files\Intuit
2008-05-12 00:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 09:01 --------- d-----w C:\Program Files\Microsoft Works
2008-05-11 08:29 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-02 15:02 --------- d-----w C:\Program Files\Windows Live
2008-04-30 01:01 --------- d-----w C:\Program Files\QuickTime
2008-04-30 00:45 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-30 00:21 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-29 23:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-28 08:14 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Windows Desktop Search
2008-04-28 08:13 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Nero
2008-04-28 08:13 --------- d-----w C:\Documents and Settings\Patrick\Application Data\McAfee.com Personal Firewall
2008-04-28 08:13 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Grisoft
2008-04-27 23:27 --------- d-----w C:\Program Files\Common Files\Labtec
2008-04-27 19:21 --------- d-----w C:\Program Files\DivX
2008-04-24 04:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-21 21:12 --------- d-----w C:\Program Files\Sophtware
2008-04-20 21:34 --------- d-----w C:\Program Files\CommentKahuna
2008-04-18 20:46 --------- d-----w C:\Program Files\Apple Software Update
2008-04-17 20:50 --------- d-----w C:\Program Files\iTunes
2008-04-17 20:48 --------- d-----w C:\Program Files\iPod
2008-04-17 05:21 --------- d-----w C:\Documents and Settings\patrick walker\Application Data\Nvu
2008-04-17 02:51 --------- d-----w C:\Program Files\Siber Systems
2008-04-16 21:27 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-15 03:39 --------- d-----w C:\Documents and Settings\patrick walker\Application Data\SmartFTP
2008-04-15 03:38 --------- d-----w C:\Program Files\SmartFTP Client
2008-04-15 03:37 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-04-13 23:50 --------- d-----w C:\Program Files\WinAce
2008-03-27 23:38 836 -c--a-w C:\Documents and Settings\patrick walker\Application Data\ViewerApp.dat
2007-12-13 01:25 417,792 ----a-w C:\Program Files\Video.exe
2007-12-13 01:25 25,214 ----a-w C:\Program Files\B.ico
2007-12-13 01:25 25,214 ----a-w C:\Program Files\A.ico
2007-12-13 01:25 218,600 -c--a-w C:\Program Files\c.zip
2007-12-13 01:25 217,700 -c--a-w C:\Program Files\b.zip
2007-12-13 01:25 217,700 ----a-w C:\Program Files\a.zip
2007-11-25 18:30 8,055 -c--a-w C:\Documents and Settings\patrick walker\x.dat
2007-11-25 18:30 40,960 ----a-w C:\Documents and Settings\patrick walker\f.exe
2007-11-25 18:30 1,033,911 -c--a-w C:\Documents and Settings\patrick walker\z.dat
2007-07-13 21:43 417,792 ----a-w C:\Program Files\Setup.exe
2007-07-01 01:16 2 ----a-w C:\Documents and Settings\patrick walker\Application Data\xxx.exe
2005-08-03 08:19 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2005-05-25 08:40 56 --sh--r C:\WINDOWS\SYSTEM32\D84AE38AE0.sys
2005-05-25 08:40 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15E7287C-4AAF-4EE4-82A4-6C94708C48B3}] 2008-02-28 13:54 217088 --a------ C:\Program Files\Outlook Express\bidanisu777444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42143F72-96BF-4403-B3BA-2D2134EB33A0}] C:\Program Files\Windows NT\lavunabi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87E68009-29A8-D669-F7C2-B31D08635C50}] 2007-12-31 08:48 1019904 --a------ C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5D95663-2C2F-4A70-A83C-266B035F492F}] C:\Program Files\MSN Gaming Zone\hoketo4444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1B61448-B276-446F-9008-54DAFD75364F}] C:\WINDOWS\system32\jodtuutb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F41154F1-5B52-4FBB-856C-EC3E75047485}] C:\Program Files\MSN Gaming Zone\hoketo83122.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 13:18 202024]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39 1289000]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-17 14:51 160592]
"Google Update"="C:\Documents and Settings\patrick walker\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" [2008-04-18 15:38 51184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-12 00:15 290816]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 16:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 00:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 20:54 57344]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05 212992]
"SpySpotter System Defender"="C:\Program Files\SpySpotter3\Defender.exe" [ ]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 14:15 139264]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 15:55 180224]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 11:26 217088]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 21:25 6731312]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 13:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 07:51 1836328]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-20 15:46 1838592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
C:\Documents and Settings\patrick walker\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54 98632]
YouTube Uploader.lnk - C:\Documents and Settings\patrick walker\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 18:50:52 53248]
Outlook Plugin.lnk - C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe [2008-05-09 08:25:35 888987]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-11-02 14:04:16 151552]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-02-28 01:00:46 972064]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt] C:\WINDOWS\system32\awvvt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifghhh] iifghhh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbcd] khfcbcd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\WINDOWS\system32\lalbxmub.exe"= C:\WINDOWS\system32\lal
"C:\WINDOWS\system32\bnckjofq.exe"= C:\WINDOWS\system32\bnc
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\IBP 10\\IBP.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"8888:TCP"= 8888:TCP:limewire
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1)
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 10:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 12:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 13:26]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 14:00]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 09:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 09:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 09:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 09:00]
S3 USB28xxBGA;USB 2860 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2005-09-06 20:11]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2005-12-21 21:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 20:58:32 C:\WINDOWS\Tasks\ANZ McAfee.com Scan for Viruses - My Computer (COSWORTH-patrick walker).job" - c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-05-30 01:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 20:57:30 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job" - C:\Program Files\SmartDraw 2008\Messages\SDNotify.exeW-PSD -V906 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
"2008-06-04 19:02:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AAD4BFA1-371D-4A5C-9F0A-711C5A0F72C7}.job" - C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 10:00:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-05 10:22:53
ComboFix-quarantined-files.txt 2008-06-04 22:21:37
Pre-Run: 29,541,412,864 bytes free
Post-Run: 29,523,460,096 bytes free
622 --- E O F --- 2008-05-28 08:31:10
Here's the HJT file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14, on 5/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Documents and Settings\patrick walker\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\patrick walker\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Flock\flock\uninstall\helper.exe
C:\PROGRA~1\FLOCK\FLOCK\FLOCK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15E7287C-4AAF-4EE4-82A4-6C94708C48B3} - C:\Program Files\Outlook Express\bidanisu777444.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: 0 - {42143F72-96BF-4403-B3BA-2D2134EB33A0} - C:\Program Files\Windows NT\lavunabi.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ContextAdvisor - {87E68009-29A8-D669-F7C2-B31D08635C50} - C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5D95663-2C2F-4A70-A83C-266B035F492F} - C:\Program Files\MSN Gaming Zone\hoketo4444.dll (file missing)
O2 - BHO: (no name) - {C1B61448-B276-446F-9008-54DAFD75364F} - C:\WINDOWS\system32\jodtuutb.dll (file missing)
O2 - BHO: (no name) - {F41154F1-5B52-4FBB-856C-EC3E75047485} - C:\Program Files\MSN Gaming Zone\hoketo83122.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\patrick walker\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\patrick walker\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Outlook Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\patrick walker\Start Menu\Programs\my im\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1196886881484
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c5/v21.084/qboax10.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://www.mngt.waikato.ac.nz/myweb/papers/filemgr/filemgr/filearea/XUpload.ocx
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: iifghhh - iifghhh.dll (file missing)
O20 - Winlogon Notify: khfcbcd - khfcbcd.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
-- End of file - 17291 bytes