Neewbie KIndly asking for Help

Hi and welcome to the Daniweb forums :).

==========

http://www.daniweb.com/forums/thread83821.html

==

Could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run the Lop Remover from:
http://66.220.17.157/help.html

==

Post a new hijackthis log from the updated hijackthis version, running from a permanent folder.

I did not find the above mentioned but I did find a Fbrowsing Advisor with no support sites etc actually it said rarely used but yet it has todays date?? I hope thats it and I will follow the rest of your instructions.. If I didnt say it before awesome of you for your help!! as I noticed many views llolol and no advice .. okay off to finsih !!!

New HJT log

Logfile of HijackThis v1.99.1
Scan saved at 2:41:07 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\common files\aol\1165269803\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1165269803\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4910555f-d0b5-4ac5-9cab-309f5fd2b031} - C:\WINDOWS\system32\wwvleyt.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {71B3C100-4FD1-4019-A54D-0817EC24A987} - C:\Program Files\Movie Maker\sazemaz4444.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {76880005-92FE-4C25-BAE1-922339D74EFA} - C:\Program Files\Movie Maker\sazemaz83122.dll (file missing)
O2 - BHO: (no name) - {9867759B-01A9-4372-8916-84B16224B3FC} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\iifedaa.dll (file missing)
O2 - BHO: (no name) - {EA7268C7-9F6F-4788-8003-F29BB591AC53} - C:\WINDOWS\system32\mllmn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0683FC48-7E08-488F-9FCD-4AE58EA14CF6} (PlayLinc(tm) Class) - http://beta.playlinc.com/activex/PlayLincManager.ocx
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Slingo Deluxe\Images\stg_drm.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Slingo Deluxe\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5234/mcfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: iifedaa - iifedaa.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

http://www.daniweb.com/forums/thread83821.html

Post a new hijackthis log from the updated hijackthis version, running from a permanent folder.

You still need to do the above.

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

• Restart your computer
• After hearing your computer beep once during startup, but before the
  Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

• In Safe Mode, right click the SDFix.zip folder and choose Extract
  All,
• Open the extracted folder and double click RunThis.bat to
  start the script.
• Type Y to begin the script.
• It will remove the Trojan Services then make some repairs to the
  registry and prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• Your system will take longer that normal to restart as the fixtool
  will be running and removing files.
• When the desktop loads the Fixtool will complete the removal and
  display Finished, then press any key to end the script and load
  your desktop icons.
• Finally open the SDFix folder on your desktop and copy and paste the
  contents of the results file Report.txt back onto the forum with
  a new HijackThis log

sorry double post

Alrighty... I had some trouble getting the computer to boot safe mode ( Mup.exe) But after taking care of that.. it went smooth sailing for whatever reason i have bad luck with spyware, trojans and the like and I really was'nt sure which programs to use.. and here are the logs I ran. BTW I truly appreciate all the help you have given me ...I f i had not said so already...

[b]SDFix: Version 1.176 [/b]
Run by HP_Administrator on Tue 04/29/2008 at 07:39 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\HP_ADM~1\Desktop\SDFix\SDFix

[b]Checking Services [/b]:

[b]Name [/b]: 
core

[b]Path [/b]:
system32\drivers\core.sys 

core - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper 

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\X.DAT - Deleted
C:\Z.DAT - Deleted
C:\PROGRA~1\MESSEN~1\WOLUGO~1 - Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Deskbar_{AD441F54-82E7-4edf-B7BD-7950C6804132}\local.xml - Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Deskbar_{AD441F54-82E7-4edf-B7BD-7950C6804132}\log.txt - Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Deskbar_{AD441F54-82E7-4edf-B7BD-7950C6804132}\version.ini - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tem981.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tem985.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tem989.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA59.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA5D.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA61.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA64.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA68.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA6C.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\temA6D.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\upd14.tmp.exe - Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\updA78.tmp.exe - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\bkR11\ftCa.log - Deleted
C:\Program Files\dbar\basis.xml - Deleted
C:\Program Files\dbar\channel.tmpl - Deleted
C:\Program Files\dbar\content.tmpl - Deleted
C:\Program Files\dbar\date.tmpl - Deleted
C:\Program Files\dbar\dbaruninst.exe - Deleted
C:\Program Files\dbar\deskbar.crc - Deleted
C:\Program Files\dbar\deskbar.dll - Deleted
C:\Program Files\dbar\deskbar.inf - Deleted
C:\Program Files\dbar\edit_rss.tmpl - Deleted
C:\Program Files\dbar\local.xml - Deleted
C:\Program Files\dbar\nav1.bmp - Deleted
C:\Program Files\dbar\nav2.bmp - Deleted
C:\Program Files\dbar\new_alert.tmpl - Deleted
C:\Program Files\dbar\version.ini - Deleted
C:\Program Files\dbar\version.txt - Deleted
C:\Program Files\winvi\version.ini - Deleted
C:\Program Files\winvi\wupda.exe - Deleted
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js - Deleted
C:\Program Files\winvi\dsktp\desktop.html - Deleted
C:\Program Files\winvi\dsktp\internetDetection.swf - Deleted
C:\Program Files\winvi\dsktp\settings.sol - Deleted
C:\Program Files\winvi\icons\bufferthis.ico - Deleted
C:\Program Files\winvi\icons\flashfunpages.ico - Deleted
C:\Program Files\winvi\icons\funnies.ico - Deleted
C:\Program Files\winvi\icons\funnyfunpages.ico - Deleted
C:\Program Files\winvi\icons\goodcleanvideos.ico - Deleted
C:\Program Files\winvi\icons\newfunpages.ico - Deleted
C:\Program Files\winvi\icons\positivethoughts.ico - Deleted
C:\Program Files\winvi\icons\removespyware.ico - Deleted
C:\Program Files\winvi\icons\thissiterocks.ico - Deleted
C:\Program Files\winvi\temp\version.ini - Deleted
C:\n.bat - Deleted
C:\WINDOWS\system32\drivers\core.cache(2).dsk - Deleted
C:\Program Files\outlook\p.zip  - Deleted
C:\Program Files\outlook\v.tmp  - Deleted
C:\Program Files\Setup.exe  - Deleted
C:\x.dat  - Deleted
C:\z.dat  - Deleted
C:\WINDOWS\system32\cmd.com  - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk  - Deleted
C:\WINDOWS\system32\netstat.com  - Deleted
C:\WINDOWS\system32\pac.txt  - Deleted
C:\WINDOWS\system32\ping.com  - Deleted
C:\WINDOWS\system32\taskkill.com  - Deleted
C:\WINDOWS\system32\tasklist.com  - Deleted
C:\WINDOWS\system32\tracert.com  - Deleted
C:\WINDOWS\system32\drivers\core.sys  - Deleted
C:\WINDOWS\Fonts\*.zip - 1 File(s)         54,701 bytes - Deleted
C:\WINDOWS\Fonts\'\*.zip - 12406 File(s)        499,300 bytes - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt


Folder C:\Documents and Settings\HP_Administrator\Application Data\Deskbar_{AD441F54-82E7-4edf-B7BD-7950C6804132} - Removed
Folder C:\Program Files\dbar - Removed
Folder C:\Program Files\winvi - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\bkR11 - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\Fonts\' - Removed
Folder C:\WINDOWS\system32\daSgo05 - Removed


Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-04-29 07:56:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft  Fax Console"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunesHelper.exe"="C:\\Program Files\\iTunes\\iTunesHelper.exe:*:Enabled:iTunesHelper"
"C:\\Program Files\\America Online 9.0\\aol.exe"="C:\\Program Files\\America Online 9.0\\aol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\ujxmfrrn.exe"="C:\\WINDOWS\\system32\\ujx"
"C:\\WINDOWS\\system32\\ukxldram.exe"="C:\\WINDOWS\\system32\\ukx"
"C:\\WINDOWS\\system32\\tkpwdhrg.exe"="C:\\WINDOWS\\system32\\tkp"
"C:\\WINDOWS\\system32\\rhciqvip.exe"="C:\\WINDOWS\\system32\\rhc"
"C:\\WINDOWS\\system32\\ljqjavac.exe"="C:\\WINDOWS\\system32\\ljq"
"C:\\WINDOWS\\system32\\qgkarkuv.exe"="C:\\WINDOWS\\system32\\qgk"
"C:\\WINDOWS\\system32\\flejcfqn.exe"="C:\\WINDOWS\\system32\\fle"
"C:\\WINDOWS\\system32\\wjqpghow.exe"="C:\\WINDOWS\\system32\\wjq"
"C:\\WINDOWS\\system32\\odmbjmgb.exe"="C:\\WINDOWS\\system32\\odm"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\jaydnyrl.exe"="C:\\WINDOWS\\system32\\jay"
"C:\\Program Files\\Rhapsody\\rhapsody.exe"="C:\\Program Files\\Rhapsody\\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\\WINDOWS\\system32\\hwfycrjl.exe"="C:\\WINDOWS\\system32\\hwf"
"C:\\WINDOWS\\system32\\aylhuwgu.exe"="C:\\WINDOWS\\system32\\ayl"
"C:\\WINDOWS\\system32\\ehxbukdp.exe"="C:\\WINDOWS\\system32\\ehx"
"C:\\WINDOWS\\system32\\kqsruutx.exe"="C:\\WINDOWS\\system32\\kqs"
"C:\\WINDOWS\\system32\\PLWS.exe"="C:\\WINDOWS\\system32\\PLWS.exe:*:Enabled:PLWS"
"C:\\WINDOWS\\system32\\scefeuqc.exe"="C:\\WINDOWS\\system32\\sce"
"C:\\WINDOWS\\system32\\olmfpfat.exe"="C:\\WINDOWS\\system32\\olm"
"C:\\WINDOWS\\system32\\hnnhpyxl.exe"="C:\\WINDOWS\\system32\\hnn"
"C:\\WINDOWS\\system32\\rtcmpems.exe"="C:\\WINDOWS\\system32\\rtc"
"C:\\WINDOWS\\system32\\tfhdmusa.exe"="C:\\WINDOWS\\system32\\tfh"
"C:\\Program Files\\Rhapsody\\WiseUpd2.exe"="C:\\Program Files\\Rhapsody\\WiseUpd2.exe:*:Enabled:Check For Rhapsody Update"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\HP_ADM~1\Desktop\SDFix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon  4 Dec 2006           211 A.SHR --- "C:\BOOT.BAK"
Thu 28 Jul 2005        54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe"
Thu 28 Jul 2005        31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe"
Sun 26 Jun 2005       616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005        45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Mon  9 Dec 2002       102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
Mon  9 Dec 2002       176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Mon  9 Dec 2002       208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Mon  9 Dec 2002       217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun  9 Jun 2002        40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
Sat  3 Nov 2001       225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001       225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004       232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun  9 Jun 2002       525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
Mon  9 Dec 2002       245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
Mon  9 Dec 2002        45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
Mon  9 Dec 2002        98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
Mon  9 Dec 2002        94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
Mon  9 Dec 2002        90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
Sun  9 Jun 2002        49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
Sun 23 Dec 2007            22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Fri  9 Mar 2007        27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Thu 22 Nov 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 18 Sep 2005       788,568 A..H. --- "C:\Program Files\Online Services\Canada\KOL\client.exe"
Wed 17 Aug 2005    13,459,528 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\nsb-install-8-0.exe"
Wed 17 Aug 2005       233,472 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\webutil8.exe"
Wed 17 Aug 2005       389,120 A..H. --- "C:\Program Files\Online Services\NetscapeOnline\Netscape Tech\WinsockFix.exe"
Fri 21 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT28B.tmp"
Fri 21 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1F8.tmp"
Fri 21 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT313.tmp"
Sun  2 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT771.tmp"
Fri 21 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT2AB.tmp"
Fri 21 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT336.tmp"
Fri 21 Mar 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT262.tmp"
Thu 13 Mar 2008         2,105 ...HR --- "C:\Documents and Settings\HP_Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 14 Dec 2005       200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\ACST4.DLL"
Tue 22 Nov 2005        81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005        73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005        88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90\INSTPH.DLL"
Wed 14 Dec 2005       200,704 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\ACST4.DLL"
Tue 22 Nov 2005        81,920 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLFIREWALLMGR.DLL"
Tue 22 Nov 2005        73,728 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\AOLINSTALLERFW.DLL"
Wed 14 Dec 2005        88,064 A..H. --- "C:\Program Files\Online Services\Aol\United States\AOL90E\INSTPH.DLL"
Tue 29 Apr 2008         5,946 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE4.tmp"
Sun 18 Sep 2005        77,824 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\AcsInstN.dll"
Sun 18 Sep 2005     6,961,146 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acsnet.zip"
Sun 18 Sep 2005     3,058,888 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\acs\acssetup.exe"
Sun 18 Sep 2005       307,289 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspcheck.dll"
Sun 18 Sep 2005     7,083,361 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\asp\aspsetup.exe"
Wed 21 Sep 2005     1,960,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\autoit\autoit-v3.zip"
Sun 18 Sep 2005       550,488 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\deskbar\deskbr.exe"
Sun 18 Sep 2005       553,984 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\flash\FlashAX.exe"
Sun 18 Sep 2005     2,242,759 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\nisale.exe"
Sun 18 Sep 2005        24,064 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\fw\NISChk.dll"
Sun 18 Sep 2005        57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpchk.dll"
Sun 18 Sep 2005       748,728 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\ocp\ocpinst.exe"
Sun 18 Sep 2005     7,515,304 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\qt.exe"
Sun 18 Sep 2005        86,016 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\qt\QTInsInf.dll"
Sun 18 Sep 2005        45,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealChk.dll"
Sun 18 Sep 2005     5,111,296 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\RealPl8.EXE"
Sun 18 Sep 2005     4,378,673 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\real_upd.exe"
Sun 18 Sep 2005       360,448 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\rp\rp9codec.exe"
Sun 18 Sep 2005        40,960 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SiNdInst.dll"
Sun 18 Sep 2005       473,736 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\sysinfo\SinfInst.exe"
Sun 18 Sep 2005        12,288 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbinst.dll"
Sun 18 Sep 2005       516,032 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tb\tbsetup.exe"
Sun 18 Sep 2005       597,080 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\toolbar\toolbr.exe"
Sun 18 Sep 2005       590,688 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\TSsetup.exe"
Sun 18 Sep 2005        57,344 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\tpspd\tsverchk.dll"
Sun 18 Sep 2005        49,152 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\AOLVPChk.dll"
Sun 18 Sep 2005        61,440 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\VPPrePop.exe"
Sun 18 Sep 2005     3,858,056 A..H. --- "C:\Program Files\Online Services\Canada\KOL\comps\vwpt\Vwpt.exe"
Sun 27 Jan 2008         6,002 A.SH. --- "C:\Documents and Settings\All Users\Documents\My Music\Recorded TV\TempRec\TempSBE\SBE3.tmp"

[b]Finished![/b]





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:42 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\aol\1165269803\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1165269803\ee\aolsoftware.exe
c:\program files\common files\aol\1165269803\ee\anotify.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 2 for HiJackThisv2.02.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4910555f-d0b5-4ac5-9cab-309f5fd2b031} - C:\WINDOWS\system32\wwvleyt.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {71B3C100-4FD1-4019-A54D-0817EC24A987} - C:\Program Files\Movie Maker\sazemaz4444.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {76880005-92FE-4C25-BAE1-922339D74EFA} - C:\Program Files\Movie Maker\sazemaz83122.dll (file missing)
O2 - BHO: (no name) - {9867759B-01A9-4372-8916-84B16224B3FC} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\iifedaa.dll (file missing)
O2 - BHO: (no name) - {EA7268C7-9F6F-4788-8003-F29BB591AC53} - C:\WINDOWS\system32\mllmn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM258d2c07] Rundll32.exe "C:\WINDOWS\system32\nabcgmxx.dll",s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [26be1f9b] rundll32.exe "C:\WINDOWS\system32\bwgwcmss.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HyperIM] C:\Program Files\HyperIM\HyperIM.exe -min
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0683FC48-7E08-488F-9FCD-4AE58EA14CF6} (PlayLinc(tm) Class) - [url]http://beta.playlinc.com/activex/PlayLincManager.ocx[/url]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Slingo Deluxe\Images\stg_drm.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [url]http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [url]http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab[/url]
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - [url]http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab[/url]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Slingo Deluxe\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url]http://zone.msn.com/bingame/popcaploader_v10.cab[/url]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5234/mcfscan.cab[/url]
O20 - Winlogon Notify: iifedaa - iifedaa.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

--
End of file - 15513 bytes

You are running hijackthis directly from the zip file. Please unzip it to a permanent folder before running it again.

Still have some nasties on board.

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ok I should also not one pop up at all : )

here is the Combo Fix log

ComboFix 08-04-26.3 - HP_Administrator 2008-04-30 16:24:27.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2396 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\Program Files\outlook
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\abc2\bmbrpl2.exe
C:\WINDOWS\system32\amwlnidw.ini
C:\WINDOWS\system32\anfmsund.ini
C:\WINDOWS\system32\avlxidls.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\budioxwd.ini
C:\WINDOWS\system32\cnjcppcy.ini
C:\WINDOWS\system32\edakbjnx.ini
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\fksgwnkh.ini
C:\WINDOWS\system32\gdsxfqrs.ini
C:\WINDOWS\system32\gzmrot-uninst.exe
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\ivciedqc.ini
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini2
C:\WINDOWS\system32\khweydbl.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\ojhtywgh.ini
C:\WINDOWS\system32\qfoufkgu.ini
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\ssmcwgwb.ini
C:\WINDOWS\system32\tsngkaqt.ini
C:\WINDOWS\system32\ttmlfmhq.ini
C:\WINDOWS\system32\tubqyqmi.ini
C:\WINDOWS\system32\ufcvugpk.ini
C:\WINDOWS\system32\uhdvrqmn.ini
C:\WINDOWS\system32\uswqbtwc.ini
C:\WINDOWS\system32\utfcyahf.ini
C:\WINDOWS\system32\wjcrlmeg.ini
C:\WINDOWS\system32\xdemlwdn.ini
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-30  )))))))))))))))))))))))))))))))
.

2008-04-29 07:54 . 2008-04-29 07:54 664 --a------   C:\WINDOWS\system32\d3d9caps.dat
2008-04-29 07:29 . 2008-04-29 07:29 <DIR>    d--------   C:\WINDOWS\ERUNT
2008-04-28 23:06 . 2008-04-28 23:07 4   --a------   C:\WINDOWS\system32\[u]0[/u]0F67B
2008-04-28 16:22 . 2004-08-04 00:56 116,224 --a------   C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-28 16:22 . 2001-08-17 22:37 99,865  --a------   C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-28 16:22 . 2001-08-17 22:37 27,648  --a------   C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-28 16:22 . 2001-08-17 22:36 23,040  --a------   C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-28 16:22 . 2004-08-03 22:29 19,455  --a------   C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-28 16:22 . 2001-08-17 22:36 17,408  --a------   C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-28 16:22 . 2001-08-17 12:11 16,970  --a------   C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-28 16:22 . 2004-08-03 22:29 12,063  --a------   C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-28 16:22 . 2004-08-04 00:56 8,192   --a------   C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-28 16:22 . 2001-08-17 22:37 4,608   --a------   C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-28 16:20 . 2001-08-17 13:28 794,654 --a------   C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-28 16:19 . 2001-08-17 22:36 525,568 --a------   C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-28 16:18 . 2001-08-17 12:18 285,760 --a------   C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-28 16:17 . 2001-08-17 14:56 147,200 --a------   C:\WINDOWS\system32\dllcache\smidispb.dll
2008-04-28 16:16 . 2004-08-03 22:41 404,990 --a------   C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-28 16:15 . 2001-08-17 22:36 495,616 --a------   C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-28 16:14 . 2001-08-17 13:28 899,146 --a------   C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-28 16:13 . 2004-08-04 00:56 259,328 --a------   C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-28 16:12 . 2001-08-17 14:05 351,616 --a------   C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-28 16:11 . 2004-08-03 22:41 180,360 --a------   C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-04-28 16:10 . 2004-08-04 00:56 1,737,856   --a------   C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-28 16:09 . 2001-08-17 13:28 802,683 --a------   C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-28 16:08 . 2001-08-17 22:36 372,824 --a------   C:\WINDOWS\system32\dllcache\iconf32.dll
2008-04-28 16:07 . 2004-08-03 22:41 1,041,536   --a------   C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-28 16:06 . 2001-08-17 14:56 1,733,120   --a------   C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-28 16:05 . 2001-08-17 12:17 629,952 --a------   C:\WINDOWS\system32\dllcache\eqn.sys
2008-04-28 16:04 . 2001-08-17 12:14 952,007 --a------   C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-28 16:03 . 2001-08-17 12:13 980,034 --a------   C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-28 16:02 . 2004-08-04 00:56 1,888,992   --a------   C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-28 16:01 . 2001-08-17 13:28 762,780 --a------   C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-28 15:54 . 2001-08-17 14:56 66,048  --a------   C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-04-28 14:55 . 2008-04-28 14:55 <DIR>    d--hs----   C:\found.000
2008-04-27 14:25 . 2008-04-27 14:25 <DIR>    d--------   C:\Program Files\AXIS WIPE
2008-04-25 08:13 . 2008-04-30 16:33 54,156  --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-25 08:13 . 2008-04-25 08:13 1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-25 07:58 . 2008-04-25 07:58 <DIR>    d--------   C:\Program Files\The Weather Channel FW
2008-04-14 23:01 . 2008-04-14 23:04 <DIR>    d--------   C:\Program Files\PokerStars.NET
2008-04-14 19:13 . 2008-04-14 19:13 256 --a------   C:\Documents and Settings\HP_Administrator\pool.bin
2008-04-14 18:23 . 2008-04-14 18:23 203,776 --a------   C:\WINDOWS\system32\clrviddc.dll
2008-04-10 21:08 . 2008-04-25 08:20 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\part dead amok eggs
2008-04-10 21:03 . 2008-03-27 16:03 372,736 --a------   C:\WINDOWS\system32\MtRepair2.exe
2008-04-10 21:03 . 2008-03-27 16:03 372,736 --a------   C:\WINDOWS\system32\MtRepair1.exe
2008-04-10 21:02 . 2008-03-27 14:45 385,024 --a------   C:\WINDOWS\system32\WinNB54.dll
2008-04-10 20:45 . 2008-04-10 20:45 <DIR>    d--------   C:\Program Files\Siber Systems
2008-04-10 20:45 . 2008-04-10 20:45 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\GoodSync
2008-04-10 15:56 . 2008-04-10 18:32 <DIR>    d--------   C:\Program Files\mypoints
2008-04-10 15:56 . 2008-04-25 14:35 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\mypoints
2008-04-09 19:05 . 2008-04-09 19:11 <DIR>    d--------   C:\Program Files\Microsoft SQL Server
2008-04-09 18:54 . 2008-04-10 16:00 <DIR>    d--------   C:\Program Files\blinkx BroadbandTV
2008-04-09 18:31 . 2008-04-09 18:31 <DIR>    d--------   C:\Program Files\Common Files\xing shared
2008-04-08 19:24 . 2008-04-08 19:24 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-04-08 19:23 . 2008-04-08 19:23 <DIR>    d--------   C:\Program Files\VideoLAN
2008-04-06 20:00 . 2008-04-06 20:00 96,577  --a------   C:\WINDOWS\hpqins16.dat
2008-04-06 19:56 . 2007-03-04 07:55 1,936,528   --a------   C:\WINDOWS\system32\ltmm15.dll
2008-04-06 19:55 . 2008-04-06 19:56 <DIR>    d--------   C:\Program Files\Replay Converter
2008-04-06 19:55 . 2008-04-06 19:55 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2008-04-06 19:55 . 2008-04-06 19:55 737,280 --a------   C:\WINDOWS\iun6002.exe
2008-04-06 19:55 . 2007-03-04 07:55 135,168 --a------   C:\WINDOWS\system32\DSKernel2.dll
2008-03-29 20:41 . 2008-03-29 20:41 <DIR>    d--------   C:\WINDOWS\Replay Media Catcher
2008-03-29 20:41 . 2008-04-06 20:00 <DIR>    d--------   C:\Program Files\Replay Media Catcher
2008-03-28 23:37 . 2008-03-28 23:37 90,112  --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344  --a------   C:\WINDOWS\system32\QuickTime.qts
2008-03-20 14:42 . 2008-04-09 19:09 <DIR>    d--------   C:\Program Files\Microsoft.NET
2008-03-20 14:40 . 2008-03-20 14:40 <DIR>    dr-h-----   C:\MSOCache
2008-03-20 13:58 . 2008-04-10 18:18 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-20 13:43 . 2008-03-20 13:43 <DIR>    d--------   C:\Program Files\Mogul User Guide
2008-03-20 13:43 . 2005-10-20 21:47 30,592  ---------   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 13:43 . 2005-10-20 21:47 30,592  --a------   C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-03-20 13:43 . 2005-10-20 21:47 12,800  ---------   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 13:43 . 2005-10-20 21:47 12,800  --a------   C:\WINDOWS\system32\dllcache\usb8023x.sys
2008-03-13 18:03 . 2008-03-13 18:03 <DIR>    d--------   C:\Program Files\Microsoft Silverlight
2008-03-10 20:03 . 2008-03-10 20:03 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2008-03-09 19:15 . 2008-04-06 21:58 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\dwhelper
2008-03-08 20:14 . 2008-03-08 20:14 1,167   --a------   C:\WINDOWS\mozver.dat
2008-03-08 20:00 . 2008-03-08 20:00 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-03-07 18:16 . 2008-03-07 18:16 <DIR>    d--------   C:\Program Files\Akamai
2008-03-07 18:16 . 2008-03-07 18:16 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\Download Manager
2008-03-06 03:35 . 2008-04-10 21:02 <DIR>    d--------   C:\Program Files\FBrowserAdvisor
2008-03-06 03:35 . 2006-04-15 00:05 9,952   --a------   C:\regxpcom.exe
2008-03-04 22:38 . 2008-03-04 22:38 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\QQ Games Plugin
2008-03-04 22:37 . 2008-03-04 22:37 <DIR>    d--------   C:\Program Files\Tencent
2008-03-04 22:36 . 2008-03-04 22:36 <DIR>    d--------   C:\Program Files\AOL Search

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 02:26    ---------   d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-04-28 19:02    ---------   d-----w C:\Program Files\Winamp Remote
2008-04-24 18:34    ---------   d-----w C:\Program Files\QuickTime
2008-04-24 18:30    ---------   d-----w C:\Program Files\Apple Software Update
2008-04-23 22:28    8,734   ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-04-16 22:11    ---------   d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-04-11 00:26    ---------   d-----w C:\Program Files\America Online 9.0
2008-04-09 22:31    ---------   d-----w C:\Program Files\Common Files\Real
2008-03-26 11:41    ---------   d-----w C:\Program Files\Java
2008-03-23 16:41    ---------   d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 18:43    ---------   d-----w C:\Program Files\Microsoft Works
2008-03-20 17:43    ---------   d-----w C:\Program Files\Microsoft ActiveSync
2008-03-05 02:37    ---------   d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-03-05 02:37    ---------   d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-05 02:36    ---------   d-----w C:\Program Files\Viewpoint
2008-02-29 00:20    ---------   d-----w C:\Program Files\Common Files\Adobe
2008-02-28 05:00    ---------   d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2008-02-12 01:21    32  ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-26 16:42    183,712 ----a-w C:\Program Files\drmwizard.exe
2007-10-26 02:39    300,159 ----a-w C:\Program Files\Winamp_Essentials.exe
2007-10-26 02:21    595 ----a-w C:\Program Files\HyperIM 2.13 [Aug 6 2007].torrent
2007-10-26 02:12    1,315,846   ----a-w C:\Program Files\minilyrics.exe
2007-10-25 20:41    1,166,340   ----a-w C:\Program Files\MiniLyrics3.exe
2007-10-25 20:33    1,164,398   ----a-w C:\Program Files\LyricFX_2.exe
2007-10-25 20:29    8,454,584   ----a-w C:\Program Files\winamp55_full_emusic-7plus_en-us.exe
2007-07-21 02:51    182,131,744 ----a-w C:\Program Files\Nero-7.10.1.0_eng_trial_wch.exe
2006-12-31 05:59    1,944,940   ----a-w C:\Program Files\HTDDW660.pdf
2006-12-27 05:58    3,148,680   ----a-w C:\Program Files\sp26468.exe
2007-12-23 04:10    22  --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-03-09 07:12    27,648  --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-12-19 01:55    6,904   --sha-w C:\WINDOWS\system32\nmllm.ini2
2007-12-29 16:55    518,615 --sha-w C:\WINDOWS\system32\pstwa.ini2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4910555f-d0b5-4ac5-9cab-309f5fd2b031}]
2007-12-15 16:10    171520  --a------   C:\WINDOWS\system32\wwvleyt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2008-01-03 12:27    111968  --a------   C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71B3C100-4FD1-4019-A54D-0817EC24A987}]
            C:\Program Files\Movie Maker\sazemaz4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76880005-92FE-4C25-BAE1-922339D74EFA}]
            C:\Program Files\Movie Maker\sazemaz83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9867759B-01A9-4372-8916-84B16224B3FC}]
            C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 16:31    1909248 --a------   C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA7268C7-9F6F-4788-8003-F29BB591AC53}]
            C:\WINDOWS\system32\mllmn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\PROGRA~1\mypoints\mypoints.dll" [2007-10-02 16:31 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\PROGRA~1\mypoints\mypoints.dll [2007-10-02 16:31 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-28 17:28 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34 249856]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 18:30 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-09 18:30 214560]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"PCDrProfiler"="" []
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [2004-05-20 08:59 1056768]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"HostManager"="C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"ftutil2"="ftutil2.dll" [2004-06-07 10:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 05:05 90112]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"BM258d2c07"="C:\WINDOWS\system32\nabcgmxx.dll" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"26be1f9b"="C:\WINDOWS\system32\bwgwcmss.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\PROGRA~1\AMERIC~1.0\AOL.exe" [2005-07-28 17:28 50776]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-19 17:55:11 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-19 17:55:11 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedaa]
iifedaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~2\iac25_32.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a--c--- 2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-28 17:28 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2007-12-20 08:10 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperIM]
C:\Program Files\HyperIM\HyperIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-09-19 21:48 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"msfwsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\Program Files\\America Online 9.0\\aol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\Rhapsody\\WiseUpd2.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 WebCamDV;WebCamDV DV to Webcam Converter;C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 06:27]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;C:\WINDOWS\system32\drivers\wcdvaud.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2b12cf2-38af-11dc-a280-00038a000015}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 19:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-03 08:02:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2008-04-25 07:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-04-30 16:33:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1165269803\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-04-30 16:44:38 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt  2008-04-30 20:44:22

Pre-Run: 263,225,376,768 bytes free
Post-Run: 264,191,250,432 bytes free

406 --- E O F ---   2008-04-11 05:56:28

here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:58 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1165269803\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1165269803\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop[/url]
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4910555f-d0b5-4ac5-9cab-309f5fd2b031} - C:\WINDOWS\system32\wwvleyt.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {71B3C100-4FD1-4019-A54D-0817EC24A987} - C:\Program Files\Movie Maker\sazemaz4444.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {76880005-92FE-4C25-BAE1-922339D74EFA} - C:\Program Files\Movie Maker\sazemaz83122.dll (file missing)
O2 - BHO: (no name) - {9867759B-01A9-4372-8916-84B16224B3FC} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {EA7268C7-9F6F-4788-8003-F29BB591AC53} - C:\WINDOWS\system32\mllmn.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM258d2c07] Rundll32.exe "C:\WINDOWS\system32\nabcgmxx.dll",s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [26be1f9b] rundll32.exe "C:\WINDOWS\system32\bwgwcmss.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0683FC48-7E08-488F-9FCD-4AE58EA14CF6} (PlayLinc(tm) Class) - [url]http://beta.playlinc.com/activex/PlayLincManager.ocx[/url]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Slingo Deluxe\Images\stg_drm.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [url]http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [url]http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab[/url]
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - [url]http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab[/url]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Slingo Deluxe\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url]http://zone.msn.com/bingame/popcaploader_v10.cab[/url]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5234/mcfscan.cab[/url]
O20 - Winlogon Notify: iifedaa - iifedaa.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13636 bytes

Viewpoint Manager is considered to be foistware, rather than malware, since it is installed without users approval, but doesn't spy or do anything "bad". Please read this article: http://www.clickz.com/news/article.php/3561546
I suggest that you remove the program. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

====

A. Please RUN HijackThis Click the SCAN button to produce a log.
Place a check mark beside each one of the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop

O2 - BHO: (no name) - {4910555f-d0b5-4ac5-9cab-309f5fd2b031} - C:\WINDOWS\system32\wwvleyt.dll
O2 - BHO: (no name) - {71B3C100-4FD1-4019-A54D-0817EC24A987} - C:\Program Files\Movie Maker\sazemaz4444.dll (file missing)
O2 - BHO: (no name) - {76880005-92FE-4C25-BAE1-922339D74EFA} - C:\Program Files\Movie Maker\sazemaz83122.dll (file missing)
O2 - BHO: (no name) - {9867759B-01A9-4372-8916-84B16224B3FC} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {EA7268C7-9F6F-4788-8003-F29BB591AC53} - C:\WINDOWS\system32\mllmn.dll (file missing)

O4 - HKLM\..\Run: [BM258d2c07] Rundll32.exe "C:\WINDOWS\system32\nabcgmxx.dll",s
O4 - HKLM\..\Run: [26be1f9b] rundll32.exe "C:\WINDOWS\system32\bwgwcmss.dll",b

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O20 - Winlogon Notify: iifedaa - iifedaa.dll (file missing)
Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
B. 1. Please open Notepad Click Start , then Run
Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\wwvleyt.dll
C:\WINDOWS\system32\bwgwcmss.dll
C:\WINDOWS\system32\nabcgmxx.dll
Folder::
C:\Program Files\AXIS WIPE
C:\Documents and Settings\All Users\Application Data\part dead amok eggs

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), pleasere-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:Combofix.txt
A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ok I should also not one pop up at all : )

here is the Combo Fix log
(SNIP)

So Sorry... about not replying sooner i had to leave for an family emergency: (
I did delete all the things you did ask but I did not other then download run the last step which i you had posted , which was jsut for my computer.. should i follow those steps at this time ? and continue... or do i need to run another HJT log?

No worries. You need to follow the steps from my last post and post both logs back here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:50 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system\wcdvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\common files\aol\1165269803\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1165269803\ee\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {76880005-92FE-4C25-BAE1-922339D74EFA} - C:\Program Files\Movie Maker\sazemaz83122.dll (file missing)
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0\AOL.EXE" -b (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0683FC48-7E08-488F-9FCD-4AE58EA14CF6} (PlayLinc(tm) Class) - [url]http://beta.playlinc.com/activex/PlayLincManager.ocx[/url]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Slingo Deluxe\Images\stg_drm.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [url]http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - [url]http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab[/url]
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - [url]http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe[/url]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url]http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab[/url]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Slingo Deluxe\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url]http://zone.msn.com/bingame/popcaploader_v10.cab[/url]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [url]http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5234/mcfscan.cab[/url]
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12214 bytes

ComboFix 08-04-26.3 - HP_Administrator 2008-05-06 11:32:13.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2600 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\bwgwcmss.dll
C:\WINDOWS\system32\nabcgmxx.dll
C:\WINDOWS\system32\wwvleyt.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\part dead amok eggs
C:\Program Files\AXIS WIPE

.
(((((((((((((((((((((((((   Files Created from 2008-04-06 to 2008-05-06  )))))))))))))))))))))))))))))))
.

2008-05-01 16:05 . 2008-05-01 16:05 <DIR>    d--------   C:\Documents and Settings\NetworkService\Application Data\Yahoo!
2008-05-01 16:05 . 2008-05-01 16:05 <DIR>    d--------   C:\Documents and Settings\NetworkService\Application Data\MYPOINTS
2008-04-30 22:35 . 2008-04-30 22:35 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
2008-04-30 22:35 . 2008-04-30 22:35 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-29 07:54 . 2008-04-29 07:54 664 --a------   C:\WINDOWS\system32\d3d9caps.dat
2008-04-29 07:29 . 2008-04-29 07:29 <DIR>    d--------   C:\WINDOWS\ERUNT
2008-04-28 23:06 . 2008-05-01 19:51 4   --a------   C:\WINDOWS\system32\[u]0[/u]0F67B
2008-04-28 16:22 . 2004-08-04 00:56 116,224 --a------   C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-28 16:22 . 2001-08-17 22:37 99,865  --a------   C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-28 16:22 . 2001-08-17 22:37 27,648  --a------   C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-28 16:22 . 2001-08-17 22:36 23,040  --a------   C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-28 16:22 . 2004-08-03 22:29 19,455  --a------   C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-28 16:22 . 2001-08-17 22:36 17,408  --a------   C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-28 16:22 . 2001-08-17 12:11 16,970  --a------   C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-28 16:22 . 2004-08-03 22:29 12,063  --a------   C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-28 16:22 . 2004-08-04 00:56 8,192   --a------   C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-28 16:22 . 2001-08-17 22:37 4,608   --a------   C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-28 16:20 . 2001-08-17 13:28 794,654 --a------   C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-28 16:19 . 2001-08-17 22:36 525,568 --a------   C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-28 16:18 . 2001-08-17 12:18 285,760 --a------   C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-28 16:17 . 2001-08-17 14:56 147,200 --a------   C:\WINDOWS\system32\dllcache\smidispb.dll
2008-04-28 16:16 . 2004-08-03 22:41 404,990 --a------   C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-28 16:15 . 2001-08-17 22:36 495,616 --a------   C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-28 16:14 . 2001-08-17 13:28 899,146 --a------   C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-28 16:13 . 2004-08-04 00:56 259,328 --a------   C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-28 16:12 . 2001-08-17 14:05 351,616 --a------   C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-28 16:11 . 2004-08-03 22:41 180,360 --a------   C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-04-28 16:10 . 2004-08-04 00:56 1,737,856   --a------   C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-28 16:09 . 2001-08-17 13:28 802,683 --a------   C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-28 16:08 . 2001-08-17 22:36 372,824 --a------   C:\WINDOWS\system32\dllcache\iconf32.dll
2008-04-28 16:07 . 2004-08-03 22:41 1,041,536   --a------   C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-28 16:06 . 2001-08-17 14:56 1,733,120   --a------   C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-28 16:05 . 2001-08-17 12:17 629,952 --a------   C:\WINDOWS\system32\dllcache\eqn.sys
2008-04-28 16:04 . 2001-08-17 12:14 952,007 --a------   C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-28 16:03 . 2001-08-17 12:13 980,034 --a------   C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-28 16:02 . 2004-08-04 00:56 1,888,992   --a------   C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-28 16:01 . 2001-08-17 13:28 762,780 --a------   C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-28 15:54 . 2001-08-17 14:56 66,048  --a------   C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-04-28 14:55 . 2008-04-28 14:55 <DIR>    d--hs----   C:\found.000
2008-04-25 08:13 . 2008-05-06 11:37 54,156  --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-25 08:13 . 2008-04-25 08:13 1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-25 07:58 . 2008-04-25 07:58 <DIR>    d--------   C:\Program Files\The Weather Channel FW
2008-04-14 23:01 . 2008-04-14 23:04 <DIR>    d--------   C:\Program Files\PokerStars.NET
2008-04-14 19:13 . 2008-04-14 19:13 256 --a------   C:\Documents and Settings\HP_Administrator\pool.bin
2008-04-14 18:23 . 2008-04-14 18:23 203,776 --a------   C:\WINDOWS\system32\clrviddc.dll
2008-04-10 21:03 . 2008-03-27 16:03 372,736 --a------   C:\WINDOWS\system32\MtRepair2.exe
2008-04-10 21:03 . 2008-03-27 16:03 372,736 --a------   C:\WINDOWS\system32\MtRepair1.exe
2008-04-10 21:02 . 2008-03-27 14:45 385,024 --a------   C:\WINDOWS\system32\WinNB54.dll
2008-04-10 20:45 . 2008-04-10 20:45 <DIR>    d--------   C:\Program Files\Siber Systems
2008-04-10 20:45 . 2008-04-10 20:45 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\GoodSync
2008-04-10 15:56 . 2008-04-10 18:32 <DIR>    d--------   C:\Program Files\mypoints
2008-04-10 15:56 . 2008-04-25 14:35 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\mypoints
2008-04-09 19:05 . 2008-04-09 19:11 <DIR>    d--------   C:\Program Files\Microsoft SQL Server
2008-04-09 18:54 . 2008-04-10 16:00 <DIR>    d--------   C:\Program Files\blinkx BroadbandTV
2008-04-09 18:31 . 2008-04-09 18:31 <DIR>    d--------   C:\Program Files\Common Files\xing shared
2008-04-08 19:24 . 2008-04-08 19:24 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-04-08 19:23 . 2008-04-08 19:23 <DIR>    d--------   C:\Program Files\VideoLAN
2008-04-06 20:00 . 2008-04-06 20:00 96,577  --a------   C:\WINDOWS\hpqins16.dat
2008-04-06 19:56 . 2007-03-04 07:55 1,936,528   --a------   C:\WINDOWS\system32\ltmm15.dll
2008-04-06 19:55 . 2008-04-06 19:56 <DIR>    d--------   C:\Program Files\Replay Converter
2008-04-06 19:55 . 2008-04-06 19:55 <DIR>    d--------   C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2008-04-06 19:55 . 2008-04-06 19:55 737,280 --a------   C:\WINDOWS\iun6002.exe
2008-04-06 19:55 . 2007-03-04 07:55 135,168 --a------   C:\WINDOWS\system32\DSKernel2.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 02:23    ---------   d-----w C:\Program Files\Viewpoint
2008-04-29 02:26    ---------   d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-04-28 19:02    ---------   d-----w C:\Program Files\Winamp Remote
2008-04-24 18:34    ---------   d-----w C:\Program Files\QuickTime
2008-04-24 18:30    ---------   d-----w C:\Program Files\Apple Software Update
2008-04-23 22:28    8,734   ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-04-16 22:11    ---------   d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-04-11 01:02    ---------   d-----w C:\Program Files\FBrowserAdvisor
2008-04-11 00:26    ---------   d-----w C:\Program Files\America Online 9.0
2008-04-10 22:18    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 23:09    ---------   d-----w C:\Program Files\Microsoft.NET
2008-04-09 22:31    ---------   d-----w C:\Program Files\Common Files\Real
2008-04-07 00:00    ---------   d-----w C:\Program Files\Replay Media Catcher
2008-03-26 11:41    ---------   d-----w C:\Program Files\Java
2008-03-23 16:41    ---------   d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-20 18:43    ---------   d-----w C:\Program Files\Microsoft Works
2008-03-20 17:43    ---------   d-----w C:\Program Files\Mogul User Guide
2008-03-20 17:43    ---------   d-----w C:\Program Files\Microsoft ActiveSync
2008-03-13 22:03    ---------   d-----w C:\Program Files\Microsoft Silverlight
2008-03-11 00:03    ---------   d-----w C:\Documents and Settings\HP_Administrator\Application Data\funkitron
2008-03-09 00:00    ---------   d-----w C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2008-03-07 22:16    ---------   d-----w C:\Program Files\Akamai
2008-03-07 22:16    ---------   d-----w C:\Documents and Settings\HP_Administrator\Application Data\Download Manager
2008-02-12 01:21    32  ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-26 16:42    183,712 ----a-w C:\Program Files\drmwizard.exe
2007-10-26 02:39    300,159 ----a-w C:\Program Files\Winamp_Essentials.exe
2007-10-26 02:21    595 ----a-w C:\Program Files\HyperIM 2.13 [Aug 6 2007].torrent
2007-10-26 02:12    1,315,846   ----a-w C:\Program Files\minilyrics.exe
2007-10-25 20:41    1,166,340   ----a-w C:\Program Files\MiniLyrics3.exe
2007-10-25 20:33    1,164,398   ----a-w C:\Program Files\LyricFX_2.exe
2007-10-25 20:29    8,454,584   ----a-w C:\Program Files\winamp55_full_emusic-7plus_en-us.exe
2007-07-21 02:51    182,131,744 ----a-w C:\Program Files\Nero-7.10.1.0_eng_trial_wch.exe
2006-12-31 05:59    1,944,940   ----a-w C:\Program Files\HTDDW660.pdf
2006-12-27 05:58    3,148,680   ----a-w C:\Program Files\sp26468.exe
2007-12-23 04:10    22  --sha-w C:\WINDOWS\SMINST\HPCD.sys
2007-03-09 07:12    27,648  --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-12-19 01:55    6,904   --sha-w C:\WINDOWS\system32\nmllm.ini2
2007-12-29 16:55    518,615 --sha-w C:\WINDOWS\system32\pstwa.ini2
.

(((((((((((((((((((((((((((((   snapshot@2008-04-30_16.44.07.73   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 20:33:15   2,048   --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-06 15:37:21   2,048   --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2008-01-03 12:27    111968  --a------   C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76880005-92FE-4C25-BAE1-922339D74EFA}]
            C:\Program Files\Movie Maker\sazemaz83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-CEC4-75A487FD6484}]
2007-10-02 16:31    1909248 --a------   C:\PROGRA~1\mypoints\mypoints.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\PROGRA~1\mypoints\mypoints.dll" [2007-10-02 16:31 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\PROGRA~1\mypoints\mypoints.dll [2007-10-02 16:31 1909248]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-28 17:28 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 18:34 249856]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 18:30 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 18:14 237568]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-09 18:30 214560]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"PCDrProfiler"="" []
"OWCWebCamDV"="C:\WINDOWS\system\wcdvtray.exe" [2004-05-20 08:59 1056768]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"HostManager"="C:\Program Files\Common Files\AOL\1165269803\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"ftutil2"="ftutil2.dll" [2004-06-07 10:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 05:05 90112]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\PROGRA~1\AMERIC~1.0\AOL.exe" [2005-07-28 17:28 50776]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-19 17:55:11 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-19 17:55:11 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~2\iac25_32.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk
backup=C:\WINDOWS\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a--c--- 2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-28 17:28 50776 C:\Program Files\America Online 9.0\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2007-12-20 08:10 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperIM]
C:\Program Files\HyperIM\HyperIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-09-19 21:48 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-03-31 21:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"msfwsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Common Files\\AOL\\1165269803\\EE\\aolsoftware.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\iTunes\\iTunesHelper.exe"=
"C:\\Program Files\\America Online 9.0\\aol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Rhapsody\\WiseUpd2.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WebCamDV;WebCamDV DV to Webcam Converter;C:\WINDOWS\system32\DRIVERS\WebCamDV.sys [2004-05-11 06:27]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;C:\WINDOWS\system32\drivers\wcdvaud.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2b12cf2-38af-11dc-a280-00038a000015}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 19:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-06-03 08:02:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2008-05-06 07:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2008-05-06 11:37:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\AOL\1165269803\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2008-05-06 11:48:39 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-06 15:48:25
ComboFix2.txt  2008-04-30 20:44:38

Pre-Run: 263,891,177,472 bytes free
Post-Run: 264,060,575,744 bytes free

348 --- E O F ---   2008-04-11 05:56:28

My apologies for the late reply. I never got the email notification :(.

Scan with HijackThis and then place a check next to all the following, if present:

O2 - BHO: (no name) - {76880005-92FE-4C25-BAE1-922339D74EFA} - C:\Program Files\Movie Maker\sazemaz83122.dll (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.Once the files are downloaded click on Next
Click on Scan Settings and configure as follows: Scan using the following Anti-Virus database:Extended

Scan Options:Scan Archives
Scan Mail Bases


Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on:Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.