Need help with my Computer Freezing

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

" * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Double click on ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• 
  
  
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE. * ComboFix is not intended for use with servers.

Hi Bugbatter is my ComboFix Log:

ComboFix 09-07-25.06 - Derek Calice 07/26/2009 11:41.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.573 [GMT -5:00]
Running from: c:\documents and settings\Derek Calice\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1670889527
c:\documents and settings\Derek Calice\Application Data\wiaserva.log
C:\egtau.exe
C:\eughafh.exe
C:\iilhoh.exe
C:\jatpma.exe
C:\khkha.exe
C:\kpepb.exe
C:\mpktnpah.exe
c:\program files\Common Files\smbols~1
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\temp\tn3
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\5fc6c.msi
c:\windows\kb913800.exe
c:\windows\system32\ayfftwvn.ini
c:\windows\system32\bszip.dll
c:\windows\system32\curity~1
c:\windows\system32\ehvagkgg.ini
c:\windows\system32\HPXHQWFe.ini
c:\windows\system32\ikRAdcdd.ini
c:\windows\system32\qtwFffii.ini
c:\windows\system32\smpi1
c:\windows\system32\wbem\proquota.exe
C:\xcrashdump.dat

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE

(((((((((((((((((((((((((   Files Created from 2009-06-26 to 2009-07-26  )))))))))))))))))))))))))))))))
.

2009-07-26 16:47 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-24 00:12 . 2009-06-29 04:20 2653070 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-07-24 00:12 . 2009-07-24 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-24 00:12 . 2009-07-24 00:12 -------- d-----w- c:\program files\Uniblue
2009-07-24 00:10 . 2006-12-01 22:26 57856 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
2009-07-19 17:25 . 2009-07-19 17:31 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-19 16:46 . 2009-07-19 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-19 16:45 . 2009-07-19 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-19 16:42 . 2009-07-19 16:42 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\AVG8
2009-07-19 06:33 . 2009-07-24 00:12 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\Uniblue
2009-07-19 06:32 . 2009-06-29 04:55 2568250 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-07-19 06:23 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-07-19 06:23 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-07-19 06:23 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-07-19 06:23 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-07-19 06:23 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-07-19 06:23 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-07-19 06:23 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-07-19 06:22 . 2009-07-19 06:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-19 05:34 . 2009-07-19 05:34 -------- d-----w- c:\program files\Trend Micro
2009-07-19 05:15 . 2009-07-19 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-07-19 05:14 . 2009-07-21 21:57 -------- d-----w- c:\program files\RegCure
2009-07-19 01:10 . 2009-07-22 22:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-19 00:42 . 2007-08-02 03:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-18 19:44 . 2009-07-18 19:44 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-18 14:16 . 2009-07-18 21:39 -------- d-----w- c:\program files\iTunes(3)
2009-07-17 01:51 . 2009-07-19 00:16 -------- d-----w- c:\program files\iTunes
2009-07-17 01:45 . 2009-07-17 01:45 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-14 21:51 . 2009-07-14 21:51 491008 ----a-w- c:\documents and settings\Derek Calice\Application Data\lsas.exe
2009-07-05 13:31 . 2004-08-10 10:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-07-05 13:31 . 2004-08-10 10:00 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2009-07-05 13:31 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-07-05 13:31 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-07-05 00:37 . 2009-07-09 20:51 192 ----a-w- c:\windows\567788.bat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 16:18 . 2008-11-12 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-24 00:16 . 2005-11-03 22:56 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\Azureus
2009-07-24 00:12 . 2009-07-24 00:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-23 04:03 . 2008-09-29 22:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-23 04:03 . 2007-05-17 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 00:16 . 2007-08-07 07:07 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 01:51 . 2005-12-04 15:43 -------- d-----w- c:\program files\iPod
2009-07-17 01:26 . 2007-05-22 21:52 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\LimeWire
2009-07-12 22:32 . 2005-11-03 04:46 -------- d-----w- c:\program files\Lx_cats
2009-07-04 21:00 . 2006-04-22 18:30 -------- d-----w- c:\program files\Ares
2009-07-02 01:15 . 2005-11-03 22:52 -------- d-----w- c:\program files\Azureus
2009-06-26 04:50 . 2005-10-29 06:11 93512 -c--a-w- c:\documents and settings\Derek Calice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 22:27 . 2009-06-25 22:27 488960 ----a-w- c:\documents and settings\Derek Calice\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-25 22:27 . 2009-06-25 22:27 319488 ----a-w- c:\documents and settings\Derek Calice\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-24 05:14 . 2009-06-21 22:30 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-06-24 05:13 . 2009-06-24 05:13 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-06-24 05:01 . 2009-06-24 05:01 -------- d-----w- c:\program files\MSBuild
2009-06-24 05:01 . 2009-06-24 05:01 -------- d-----w- c:\program files\Reference Assemblies
2009-06-21 23:30 . 2009-06-21 22:30 -------- d-----w- c:\program files\Linksys
2009-06-21 23:00 . 2009-06-21 23:00 -------- d-----w- c:\program files\Pure Networks
2009-06-21 22:59 . 2009-06-21 22:59 -------- d-----w- c:\program files\WebEx
2009-06-21 22:35 . 2009-06-21 22:35 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-21 22:35 . 2009-06-21 22:35 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-06-21 22:35 . 2005-10-26 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 22:33 . 2009-06-21 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-06-16 14:36 . 2004-08-19 20:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 04:27 . 2006-04-14 02:31 -------- d-----w- c:\program files\QuickTime
2009-06-08 04:23 . 2007-08-06 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-03 19:09 . 2004-08-19 20:49 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 18:36 . 2009-03-18 02:06 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 18:36 . 2007-08-07 07:07 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-13 05:15 . 2004-08-19 20:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 01:25 . 2009-01-12 02:07 10684866 ----a-w- c:\documents and settings\Derek Calice\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-07 15:32 . 2004-08-19 20:49 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:59 . 2009-05-04 19:59 2648 --sh--w- c:\windows\system32\witupibi.dll
2009-05-04 19:59 . 2009-05-04 19:59 2648 --sh--w- c:\windows\system32\tolonebu.dll
2009-05-04 07:59 . 2009-05-04 07:59 2648 --sh--w- c:\windows\system32\yumapapa.dll
2009-05-04 07:59 . 2009-05-04 07:59 2648 --sh--w- c:\windows\system32\wezufeva.dll
2009-05-04 07:59 . 2009-05-04 07:59 2642 --sh--w- c:\windows\system32\moyizolu.dll
2009-05-03 19:58 . 2009-05-03 19:58 2648 --sh--w- c:\windows\system32\nilajezu.dll
2009-05-03 19:58 . 2009-05-03 19:58 2648 --sh--w- c:\windows\system32\koveseye.dll
2009-05-03 19:58 . 2009-05-03 19:58 2641 --sh--w- c:\windows\system32\tidadosa.dll
2009-05-03 07:58 . 2009-05-03 07:58 2648 --sh--w- c:\windows\system32\wazomotu.dll
2009-05-03 07:58 . 2009-05-03 07:58 2642 --sh--w- c:\windows\system32\nujorohu.dll
2009-05-03 07:58 . 2009-05-03 07:58 2648 --sh--w- c:\windows\system32\joneyoyi.dll
2009-05-02 19:59 . 2009-05-02 19:59 2648 --sh--w- c:\windows\system32\sufamoku.dll
2009-05-02 19:59 . 2009-05-02 19:59 2648 --sh--w- c:\windows\system32\sabifabo.dll
2009-05-02 19:59 . 2009-05-02 19:59 2648 --sh--w- c:\windows\system32\lewubobe.exe
2008-11-12 02:50 . 2008-11-12 02:50 12537 -c--a-w- c:\program files\Common Files\pivemad._sy
2003-06-09 07:58 . 2005-11-04 11:48 1210 -c--a-w- c:\program files\changelog
2003-06-09 07:55 . 2005-11-04 11:48 1096342 -c--a-w- c:\program files\credits.exe
2003-06-09 07:48 . 2005-11-04 11:48 686080 -c--a-w- c:\program files\vcdgear.exe
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
2009-04-21 16:39 . 2005-10-29 13:30 104 --sh--r- c:\windows\system32\F4F8169F3D.sys
2009-04-21 16:39 . 2005-10-29 13:30 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-19 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\Derek Calice\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\KAV\\kis7.0\\english\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S0 klick;klick;c:\windows\system32\Drivers\klick.sys --> c:\windows\system32\Drivers\klick.sys [?]
S0 klin;klin;c:\windows\system32\Drivers\klin.sys --> c:\windows\system32\Drivers\klin.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/21/2009 3:34 PM 38496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ    QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-07 13:18]

2009-07-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-26 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -

BHO-{120DBFC6-9D80-4B34-9DE9-B029BBF0BE24} - (no file)
BHO-{A0369B3C-55DF-0875-FD4D-7FA291CA4B97} - (no file)
BHO-{AC547E2F-BC8E-45C4-BFD7-A22F8712DC7C} - (no file)
BHO-{b447ca80-0edf-4542-a62b-6c365a458a7f} - (no file)
BHO-{DCE17CB4-8005-4C77-BF51-2940464C4EF7} - (no file)
Notify-efcCULCs - efcCULCs.dll
Notify-qoMeCTmM - qoMeCTmM.dll
Notify-tuvSkhfc - tuvSkhfc.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: musicmatch.com\online
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 11:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\RMSvc.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\lxcccoms.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-26 11:56 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-26 16:56

Pre-Run: 66,061,717,504 bytes free
Post-Run: 66,465,001,472 bytes free

263 --- E O F --- 2009-07-19 00:20

And here is the new HiJackThis Log:

Scan saved at 12:07:28 PM, on 7/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

I suspect that it was those P2P's that got you into trouble. :emotion-3:

I am reviewing your logs. In the meantime, you can help me by addressing the following:

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we continue cleaning your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.    

* Please print or copy all further instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some additional specialized tools during the rest of our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

I will need to see some additional information about what is happening in your machine.

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explanation about the tool.
• Click Yes at the prompt for Optional Scan.
• When done, DDS will open two (2) logs

• 1. DDS.txt
  2. Attach.txt

• Save both reports to your desktop.
• Copy/paste both logs to your reply on the forum.
• Close the program window, and delete the program from your desktop.

• Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

  Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

   

BugBatter, here are the DDS Logs:

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/29/2005 12:40:07 AM
System Uptime: 7/26/2009 2:21:38 PM (0 hours ago)

Motherboard: Dell Inc.           |  | 0RD203
Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 61.909 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1335: 5/21/2009 6:57:27 AM - System Checkpoint
RP1336: 5/22/2009 7:31:19 AM - System Checkpoint
RP1337: 5/23/2009 8:31:18 AM - System Checkpoint
RP1338: 5/24/2009 9:31:19 AM - System Checkpoint
RP1339: 5/25/2009 10:31:20 AM - System Checkpoint
RP1340: 5/26/2009 10:50:17 AM - System Checkpoint
RP1341: 5/27/2009 11:31:22 AM - System Checkpoint
RP1342: 5/28/2009 12:00:30 PM - System Checkpoint
RP1343: 5/29/2009 12:53:33 PM - System Checkpoint
RP1344: 5/30/2009 1:53:32 PM - System Checkpoint
RP1345: 5/31/2009 2:53:33 PM - System Checkpoint
RP1346: 6/1/2009 3:53:34 PM - System Checkpoint
RP1347: 6/2/2009 5:02:29 PM - System Checkpoint
RP1348: 6/3/2009 6:38:53 PM - System Checkpoint
RP1349: 6/4/2009 6:55:22 PM - System Checkpoint
RP1350: 6/5/2009 7:07:20 PM - System Checkpoint
RP1351: 6/6/2009 8:24:23 PM - System Checkpoint
RP1352: 6/7/2009 9:55:53 PM - System Checkpoint
RP1353: 6/7/2009 10:54:40 PM - Software Distribution Service 3.0
RP1354: 6/8/2009 11:31:15 PM - System Checkpoint
RP1355: 6/9/2009 11:44:58 PM - System Checkpoint
RP1356: 6/10/2009 11:56:01 PM - System Checkpoint
RP1357: 6/12/2009 12:31:19 AM - System Checkpoint
RP1358: 6/12/2009 3:00:39 AM - Software Distribution Service 3.0
RP1359: 6/13/2009 3:17:25 AM - System Checkpoint
RP1360: 6/14/2009 4:17:24 AM - System Checkpoint
RP1361: 6/15/2009 5:17:23 AM - System Checkpoint
RP1362: 6/16/2009 6:17:24 AM - System Checkpoint
RP1363: 6/17/2009 7:17:27 AM - System Checkpoint
RP1364: 6/18/2009 7:26:34 AM - System Checkpoint
RP1365: 6/19/2009 8:17:30 AM - System Checkpoint
RP1366: 6/20/2009 8:19:21 AM - System Checkpoint
RP1367: 6/21/2009 9:24:25 AM - System Checkpoint
RP1368: 6/21/2009 5:35:17 PM - Installed Linksys Wireless-G PCI Network Adapter with SpeedBoost
RP1369: 6/22/2009 8:24:46 PM - System Checkpoint
RP1370: 6/23/2009 8:28:26 PM - System Checkpoint
RP1371: 6/23/2009 11:53:03 PM - Software Distribution Service 3.0
RP1372: 6/24/2009 12:16:15 AM - Installed Cisco Network Magic
RP1373: 6/24/2009 12:32:28 AM - Printer Driver Microsoft XPS Document Writer Installed
RP1374: 6/24/2009 3:00:29 AM - Software Distribution Service 3.0
RP1375: 6/25/2009 3:21:11 AM - System Checkpoint
RP1376: 6/26/2009 4:21:14 AM - System Checkpoint
RP1377: 6/27/2009 4:35:33 AM - System Checkpoint
RP1378: 6/28/2009 4:36:02 AM - System Checkpoint
RP1379: 6/29/2009 5:26:23 AM - System Checkpoint
RP1380: 6/30/2009 5:53:12 AM - System Checkpoint
RP1381: 7/1/2009 6:36:10 AM - System Checkpoint
RP1382: 7/2/2009 7:28:23 AM - System Checkpoint
RP1383: 7/3/2009 8:28:22 AM - System Checkpoint
RP1384: 7/4/2009 9:07:30 AM - System Checkpoint
RP1385: 7/5/2009 11:45:19 AM - System Checkpoint
RP1386: 7/6/2009 12:12:04 PM - System Checkpoint
RP1387: 7/7/2009 1:12:03 PM - System Checkpoint
RP1388: 7/8/2009 2:12:07 PM - System Checkpoint
RP1389: 7/9/2009 5:18:26 PM - System Checkpoint
RP1390: 7/10/2009 6:52:39 PM - System Checkpoint
RP1391: 7/11/2009 7:09:12 PM - System Checkpoint
RP1392: 7/12/2009 9:38:57 PM - System Checkpoint
RP1393: 7/14/2009 12:19:47 AM - System Checkpoint
RP1394: 7/15/2009 2:29:56 AM - System Checkpoint
RP1395: 7/15/2009 3:00:33 AM - Software Distribution Service 3.0
RP1396: 7/16/2009 3:16:07 AM - System Checkpoint
RP1397: 7/17/2009 3:58:37 AM - System Checkpoint
RP1398: 7/18/2009 7:15:05 AM - Restore Operation
RP1399: 7/18/2009 8:17:05 AM - Removed Kaspersky Internet Security 2009.
RP1400: 7/18/2009 8:17:13 AM - Removed Kaspersky Internet Security 2009.
RP1401: 7/18/2009 8:28:47 AM - Installed Kaspersky Internet Security 2009.
RP1402: 7/18/2009 8:45:08 AM - Removed Kaspersky Internet Security 2009.
RP1403: 7/18/2009 8:45:15 AM - Removed Kaspersky Internet Security 2009.
RP1404: 7/18/2009 9:09:07 AM - Restore Operation
RP1405: 7/18/2009 2:39:35 PM - Restore Operation
RP1406: 7/18/2009 7:20:47 PM - Removed Kaspersky Internet Security 2009.
RP1407: 7/18/2009 4:29:55 PM - Restore Operation
RP1408: 7/18/2009 7:09:49 PM - Restore Operation
RP1409: 7/18/2009 7:18:53 PM - Restore Operation
RP1410: 7/18/2009 7:20:11 PM - Software Distribution Service 3.0
RP1411: 7/19/2009 10:51:03 AM - Removed Kaspersky Internet Security 2009.
RP1412: 7/19/2009 11:17:16 AM - Removed Kaspersky Internet Security 2009.
RP1413: 7/19/2009 11:17:24 AM - Removed Kaspersky Internet Security 2009.
RP1414: 7/22/2009 11:03:41 PM - Installed Kaspersky Internet Security 2009.
RP1415: 7/23/2009 7:12:21 PM - Removed Kaspersky Internet Security 2009.
RP1416: 7/23/2009 7:11:37 PM - Installed Uniblue DriverScanner v1.0
RP1417: 7/23/2009 9:41:57 PM - Removed Kaspersky Internet Security 2009.
RP1418: 7/26/2009 11:22:37 AM - ComboFix created restore point

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint Plus
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player 11
Amazing Windows XP Screen Saver 1.2
Anark Client 1.0
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Authentium Web Install Helper
Azureus
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Cisco Network Magic
CopySafe Plugin
Corel Photo Album 6
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
DellSupport
Digital Content Portal
Easy CD Creator 5 Platinum
EducateU
ESPNMotion
EZ-DJ Plus
First Step Guide
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Updater
HijackThis 2.0.2
Holiday Snowflakes Screen Saver 1.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ImageMixer EasyStepDVD
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2005-03-23
iPodCopy
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 1.45
Learn2 Player (Uninstall Only)
Lexmark 3300 Series
Lexmark Fax Solutions
Linksys Wireless-G PCI Network Adapter with SpeedBooster
Macromedia Flash Player
Malwarebytes' Anti-Malware
Media Center Extender
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Theme Ontario
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MyWay Search Assistant
Network Magic
NILE THEME
Octoshape add-in for Adobe Flash Player
Otto
Palm Desktop and Synchronization Software
palmOne
PowerDVD 5.9
Pure Networks Platform
Qualxserve Service Agreement
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer
RegCure 1.6.0.0
Replay Converter 2.31
Replay Media Catcher
Roxio DLA
Roxio Express Labeler
Roxio MyDVD
Roxio MyDVD Premier 8
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Roxio Simple Backup
Roxio Update Manager
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shockwave
Sonic Encoders
Time Zone Data Update Tool for Microsoft Office Outlook
Total Video Converter 3.10
Trivial Pursuit® Handheld Edition for Palm OS
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Virtual DJ - Atomix Productions
WavePad Uninstall
WebCyberCoach 3.2 Dell
WebEx Support Manager for Internet Explorer
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB914548
Windows XP Service Pack 3
Windows XP Winter Fun Pack Screensavers
WinRAR archiver
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

7/26/2009 11:35:06 AM, error: Service Control Manager [7023]  - The Automatic Updates service terminated with the following error:  The specified module could not be found.
7/26/2009 11:35:06 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
7/23/2009 9:42:10 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 9 time(s).
7/23/2009 9:40:55 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 8 time(s).
7/23/2009 9:40:42 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 7 time(s).
7/23/2009 9:40:17 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 6 time(s).
7/23/2009 9:39:54 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 5 time(s).
7/23/2009 9:39:41 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 4 time(s).
7/23/2009 9:39:09 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 3 time(s).
7/23/2009 9:38:56 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 2 time(s).
7/23/2009 9:38:42 PM, error: Service Control Manager [7034]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 1 time(s).
7/23/2009 4:03:27 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.102 for the Network Card with network address 00123FA7ED64 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/23/2009 3:32:50 PM, error: DCOM [10005]  - DCOM got error "%1055" attempting to start the service lxcc_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441066}
7/23/2009 3:32:50 PM, error: DCOM [10005]  - DCOM got error "%1055" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
7/22/2009 5:48:30 PM, error: Service Control Manager [7000]  - The AVG8 WatchDog service failed to start due to the following error:  The system cannot find the path specified.
7/22/2009 4:45:50 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVG Anti-Rootkit AvgArCln AvgLdx86 AvgMfx86 Fips intelppm klick klin
7/21/2009 6:08:51 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.101 for the Network Card with network address 00123FA7ED64 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/21/2009 5:28:09 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.103 for the Network Card with network address 00123FA7ED64 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/19/2009 9:07:31 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVG Anti-Rootkit AvgArCln Fips intelppm KL1 klbg klick KLIF klin
7/19/2009 12:13:41 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVG Anti-Rootkit AvgArCln Fips intelppm klick klin
7/19/2009 11:20:32 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVG Anti-Rootkit AvgArCln klick klin
7/19/2009 11:14:55 AM, error: Service Control Manager [7034]  - The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).
7/19/2009 11:14:47 AM, error: Service Control Manager [7031]  - The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/19/2009 11:14:44 AM, error: Service Control Manager [7031]  - The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/19/2009 10:53:11 AM, error: Service Control Manager [7031]  - The Kaspersky Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
7/19/2009 10:53:11 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Kaspersky Internet Security service to connect.
7/19/2009 10:53:11 AM, error: Service Control Manager [7000]  - The Kaspersky Internet Security service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/19/2009 10:21:47 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/19/2009 10:20:40 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/19/2009 10:20:14 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/19/2009 10:17:59 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/19/2009 10:16:48 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/19/2009 10:14:52 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AVG Anti-Rootkit AvgArCln Fips intelppm IPSec KL1 klbg klick KLIF klin MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/19/2009 10:14:52 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2009 10:14:52 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2009 10:14:52 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2009 10:14:52 AM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2009 10:14:52 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2009 10:07:11 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.110 for the Network Card with network address 00123FA7ED64 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/19/2009 10:06:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AVG Anti-Rootkit AvgArCln AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec klick klin MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/19/2009 10:06:58 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

==== End Of File ===========================

DDS.txt

DDS (Ver_09-06-26.01) - NTFSx86 
Run by Derek Calice at 14:32:58.68 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.483 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Derek Calice\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cox.net/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {120DBFC6-9D80-4B34-9DE9-B029BBF0BE24} - No File
BHO: {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A0369B3C-55DF-0875-FD4D-7FA291CA4B97} - No File
BHO: {AC547E2F-BC8E-45C4-BFD7-A22F8712DC7C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: {b447ca80-0edf-4542-a62b-6c365a458a7f} - No File
BHO: {DCE17CB4-8005-4C77-BF51-2940464C4EF7} - No File
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [LXCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCCtime.dll,_RunDLLEntry@16
mRun: [lxccmon.exe] "c:\program files\lexmark 3300 series\lxccmon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\derekc~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: efcCULCs - efcCULCs.dll
Notify: qoMeCTmM - qoMeCTmM.dll
Notify: tuvSkhfc - tuvSkhfc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S0 klick;klick;c:\windows\system32\drivers\klick.sys --> c:\windows\system32\drivers\klick.sys [?]
S0 klin;klin;c:\windows\system32\drivers\klin.sys --> c:\windows\system32\drivers\klin.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-21 38496]

=============== Created Last 30 ================

2009-07-26 11:55 

Please uninstall Azureus. Let me know after you have done that, so I can continue cleaning by writing some script for you to run.

Hey Bug, I had a death in my family so I had to leave home, but before I left I uninstalled Azures. I'm using a friend's laptop right now but please continue with the your help.

Sorry to hear about the death in your family.  Let me know when you are back on your computer so we can continue.

Thanks Bug for your concern and for you showing patience, I'm back at home and ready to follow your instructions. Again, all crack, P2P, and torrent stuff has been removed.

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open.
  Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized)

Here are the logs Bugbatter

info.txt logfile of random's system information tool 1.06 2009-07-27 15:33:18

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola Inc.\Motorola USB Modem Installation\Uninst.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Motorola\iDEN WebJAL\Uninst.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
-->MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->MsiExec.exe /X{1359D6D8-B1F0-4335-AE79-49CD2AF8EA26}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint Plus-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Amazing Windows XP Screen Saver 1.2-->C:\WINDOWS\unins001.exe
Anark Client 1.0-->C:\Program Files\Anark\Client\AMInstal.exe -uninstall
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Authentium Web Install Helper-->RunDll32 setupapi.dll,InstallHinfSection RemoveFiles 9 AuthUninstall.inf
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CopySafe Plugin-->C:\PROGRA~1\Copysafe\UNWISE.EXE C:\PROGRA~1\Copysafe\INSTALL.LOG
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Easy CD Creator 5 Platinum-->MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
EZ-DJ Plus-->C:\WINDOWS\unvise32.exe C:\Program Files\Shockwave.com\EZ-DJ Plus\data\uninstal.log
First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12872B4E-90F7-44E5-B1AA-D13AFEC8618B}\setup.exe" -l0x9 UNINSTALL
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Holiday Snowflakes Screen Saver 1.2-->C:\WINDOWS\unins000.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
ImageMixer EasyStepDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C32B46-41C3-438F-94F6-55FE150D50D8}\setup.exe" -l0x9 UNINSTALL
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iPodCopy-->MsiExec.exe /I{7C3AAACD-403E-4E4B-88ED-8326E5FC5F2C}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.45-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\Uninst.exe
Linksys Wireless-G PCI Network Adapter with SpeedBooster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Extender-->c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Theme Ontario-->MsiExec.exe /X{9757283E-3FCA-4F3D-9257-928859318E55}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9  -uninst
MyWay Search Assistant-->MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
NILE THEME-->MsiExec.exe /X{B19C841C-D60A-462F-AB86-4FDD51A77FA3}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Palm Desktop and Synchronization Software-->MsiExec.exe /X{13EDFFFE-DCF2-448A-A653-3C4CD60D99B4}
palmOne-->MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
PowerDVD 5.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
Replay Converter 2.31-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\irunin.ini"
Replay Media Catcher-->C:\PROGRA~1\REPLAY~1\UNWISE.EXE C:\PROGRA~1\REPLAY~1\INSTALL.LOG
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Premier 8-->MsiExec.exe /I{8F0A7DCB-D605-4890-B842-D5480F3B9232}
Roxio MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Roxio Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Total Video Converter 3.10-->"C:\Program Files\Total Video Converter\unins000.exe"
Trivial Pursuit® Handheld Edition for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Trivial Pursuit for Palm OS\uninstal.log
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~3\UNWISE.EXE C:\PROGRA~1\VIRTUA~3\INSTALL.LOG
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg  "enginecf.inf,RealUninstallSection,,4"
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB914548-->"C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP Winter Fun Pack Screensavers-->MsiExec.exe /I{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

=====HijackThis Backups=====

O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing) [2009-07-22]

======System event log======

Computer Name: 9WARD
Event Code: 7031
Message: The Kaspersky Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Record Number: 61420
Source Name: Service Control Manager
Time Written: 20090718083205.000000-300
Event Type: error
User:

Computer Name: 9WARD
Event Code: 7034
Message: The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).

Record Number: 61403
Source Name: Service Control Manager
Time Written: 20090718082821.000000-300
Event Type: error
User:

Computer Name: 9WARD
Event Code: 7031
Message: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Record Number: 61400
Source Name: Service Control Manager
Time Written: 20090718082815.000000-300
Event Type: error
User:

Computer Name: 9WARD
Event Code: 7031
Message: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Record Number: 61398
Source Name: Service Control Manager
Time Written: 20090718082814.000000-300
Event Type: error
User:

Computer Name: 9WARD
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AVG Anti-Rootkit
AvgArCln
klick
klin

Record Number: 61384
Source Name: Service Control Manager
Time Written: 20090718082811.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: 9WARD
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 51624
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090624000741.000000-300
Event Type: warning
User:

Computer Name: 9WARD
Event Code: 0
Message: Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 51623
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090624000741.000000-300
Event Type: warning
User:

Computer Name: 9WARD
Event Code: 0
Message: Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 51622
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090624000741.000000-300
Event Type: warning
User:

Computer Name: 9WARD
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 51620
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090624000739.000000-300
Event Type: warning
User:

Computer Name: 9WARD
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 51610
Source Name: ASP.NET 2.0.50727.0
Time Written: 20090624000640.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Derek Calice at 2009-07-27 15:46:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 71 GB (48%) free of 148 GB
Total RAM: 1022 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:48 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Derek Calice\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Derek Calice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {120DBFC6-9D80-4B34-9DE9-B029BBF0BE24} - (no file)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A0369B3C-55DF-0875-FD4D-7FA291CA4B97} - (no file)
O2 - BHO: (no name) - {AC547E2F-BC8E-45C4-BFD7-A22F8712DC7C} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: {f55f} - {b447ca80-0edf-4542-a62b-6c365a458a7f} - (no file)
O2 - BHO: (no name) - {DCE17CB4-8005-4C77-BF51-2940464C4EF7} - (no file)
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: efcCULCs - efcCULCs.dll (file missing)
O20 - Winlogon Notify: qoMeCTmM - qoMeCTmM.dll (file missing)
O20 - Winlogon Notify: tuvSkhfc - tuvSkhfc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 8686 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120DBFC6-9D80-4B34-9DE9-B029BBF0BE24}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C7195F6-D788-4D50-BA72-2EE212EDAC78}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0369B3C-55DF-0875-FD4D-7FA291CA4B97}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC547E2F-BC8E-45C4-BFD7-A22F8712DC7C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b447ca80-0edf-4542-a62b-6c365a458a7f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DCE17CB4-8005-4C77-BF51-2940464C4EF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C0A5F28-48D8-408B-9172-9C6121025BCE}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 []
"lxccmon.exe"=C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-01-19 299008]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2006-04-06 49152]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-19 180269]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-09-08 110592]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-12-14 467240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\Derek Calice\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCULCs]
efcCULCs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMeCTmM]
qoMeCTmM.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvSkhfc]
tuvSkhfc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\KAV\kis7.0\english\setup.exe"="C:\KAV\kis7.0\english\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-27 15:32:41 ----D---- C:\rsit
2009-07-26 13:20:46 ----SHD---- C:\RECYCLER
2009-07-26 11:56:14 ----A---- C:\ComboFix.txt
2009-07-26 11:47:18 ----A---- C:\WINDOWS\system32\proquota.exe
2009-07-26 11:23:40 ----A---- C:\Boot.bak
2009-07-26 11:23:28 ----RASHD---- C:\cmdcons
2009-07-26 11:22:06 ----A---- C:\WINDOWS\zip.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\SWSC.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\SWREG.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\sed.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\PEV.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-26 11:22:06 ----A---- C:\WINDOWS\grep.exe
2009-07-26 11:22:01 ----D---- C:\WINDOWS\ERDNT
2009-07-26 11:21:56 ----D---- C:\Qoobox
2009-07-23 19:12:31 ----D---- C:\Program Files\Uniblue
2009-07-23 19:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-07-23 19:11:37 ----HDC---- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-19 12:25:52 ----HD---- C:\$AVG8.VAULT$
2009-07-19 11:46:37 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-07-19 11:45:50 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-19 11:42:40 ----D---- C:\Documents and Settings\Derek Calice\Application Data\AVG8
2009-07-19 10:13:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-19 09:48:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 01:33:01 ----D---- C:\Documents and Settings\Derek Calice\Application Data\Uniblue
2009-07-19 01:22:37 ----HDC---- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-19 00:34:30 ----D---- C:\Program Files\Trend Micro
2009-07-19 00:15:04 ----D---- C:\Documents and Settings\All Users\Application Data\RegCure
2009-07-19 00:14:59 ----D---- C:\Program Files\RegCure
2009-07-18 09:16:59 ----D---- C:\Program Files\iTunes(3)
2009-07-16 20:51:23 ----D---- C:\Program Files\iTunes
2009-07-15 03:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 16:51:23 ----A---- C:\Documents and Settings\Derek Calice\Application Data\lsas.exe
2009-07-05 08:31:14 ----A---- C:\WINDOWS\system32\kbdusa.dll
2009-07-05 08:31:05 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2009-07-04 19:37:23 ----A---- C:\WINDOWS\567788.bat

======List of files/folders modified in the last 1 months======

2009-07-27 15:45:56 ----D---- C:\WINDOWS\Temp
2009-07-27 15:39:11 ----D---- C:\WINDOWS\Registration
2009-07-27 15:38:44 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2009-07-27 15:38:41 ----SD---- C:\WINDOWS\Tasks
2009-07-27 15:38:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-27 15:38:31 ----D---- C:\WINDOWS
2009-07-27 15:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-26 20:21:58 ----D---- C:\Program Files
2009-07-26 11:56:17 ----D---- C:\WINDOWS\system32\drivers
2009-07-26 11:56:17 ----D---- C:\WINDOWS\system32
2009-07-26 11:50:34 ----A---- C:\WINDOWS\system.ini
2009-07-26 11:47:50 ----D---- C:\WINDOWS\system32\config
2009-07-26 11:47:24 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-26 11:47:04 ----D---- C:\Temp
2009-07-26 11:47:04 ----D---- C:\Program Files\Common Files
2009-07-26 11:47:03 ----D---- C:\WINDOWS\system32\wbem
2009-07-26 11:47:01 ----SHD---- C:\WINDOWS\Installer
2009-07-26 11:47:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-26 11:45:58 ----D---- C:\WINDOWS\AppPatch
2009-07-26 11:23:40 ----RASH---- C:\boot.ini
2009-07-26 11:21:56 ----D---- C:\WINDOWS\Prefetch
2009-07-23 22:42:20 ----D---- C:\Config.Msi
2009-07-23 21:42:30 ----HD---- C:\WINDOWS\inf
2009-07-23 19:16:29 ----D---- C:\Documents and Settings\Derek Calice\Application Data\Azureus
2009-07-22 23:03:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-22 16:44:17 ----SHD---- C:\WINDOWS\CSC
2009-07-19 22:14:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-19 00:28:23 ----D---- C:\WINDOWS\Debug
2009-07-18 19:54:59 ----D---- C:\Added Music
2009-07-18 19:16:47 ----D---- C:\Program Files\Common Files\Apple
2009-07-18 16:24:48 ----RSD---- C:\WINDOWS\Fonts
2009-07-18 14:50:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-16 20:51:27 ----D---- C:\Program Files\iPod
2009-07-16 20:47:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-16 20:26:07 ----D---- C:\Documents and Settings\Derek Calice\Application Data\LimeWire
2009-07-15 03:04:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-12 17:32:04 ----D---- C:\Program Files\Lx_cats
2009-07-07 10:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-05 08:31:03 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-21 17801]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-02-25 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-02-25 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-02-25 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-02-25 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-02-25 86684]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-02-25 14877]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-02-25 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-02-25 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-02-25 100605]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-14 180864]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 P2k;Motorola iDEN P2k Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-03-19 38912]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-05-25 16694]
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-10-20 96256]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
R3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-12-07 233472]
S2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-12-07 155648]
S2 WMP54GSSVC;WMP54GSSVC; C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-12-07 864256]

-----------------EOF-----------------

You will need to follow these instructions very carefully.
Disconnect from the internet....pull the plug!
Reboot the machine once.

[Important!}Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray.
Otherwise, they may interfere with running ComboFix.

Open Notepad and copy/paste the following text between the lines below. Do not copy the dotted lines.
 ** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces. It will copy correctly to Notepad if you highlight and copy as is.

-----------------------------------------------------------------------------------


DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670}-
BHO: {3C7195F6-D788-4D50-BA72-2EE212EDAC78}-
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE}-


File::
c:\windows\system32\witupibi.dll
c:\windows\system32\tolonebu.dll
c:\windows\system32\yumapapa.dll
c:\windows\system32\wezufeva.dll
c:\windows\system32\moyizolu.dll
c:\windows\system32\nilajezu.dll
c:\windows\system32\koveseye.dll
c:\windows\system32\tidadosa.dll
c:\windows\system32\wazomotu.dll
c:\windows\system32\nujorohu.dll
c:\windows\system32\joneyoyi.dll
c:\windows\system32\sufamoku.dll
c:\windows\system32\sabifabo.dll
c:\windows\system32\lewubobe.exe


Folder::
c:\Program Files\Azureus

----------------------------------------------------------------------------
Save this as CFScript.txt

Referring to the picture above, drag CFScript into ComboFix.exe You will be prompted to run Combofix again. Follow the same instructions you did before for running ComboFix. CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
When finished, a log is produced here: C:\ComboFix.txt

If using the same computer, connect to the internet again.
In your next reply, please post that log along with a new HijackThis log.

Here is the ComboFix Log:

ComboFix 09-07-25.06 - Derek Calice 07/27/2009 19:23.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.578 [GMT -5:00]
Running from: c:\documents and settings\Derek Calice\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Derek Calice\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\joneyoyi.dll"
"c:\windows\system32\koveseye.dll"
"c:\windows\system32\lewubobe.exe"
"c:\windows\system32\moyizolu.dll"
"c:\windows\system32\nilajezu.dll"
"c:\windows\system32\nujorohu.dll"
"c:\windows\system32\sabifabo.dll"
"c:\windows\system32\sufamoku.dll"
"c:\windows\system32\tidadosa.dll"
"c:\windows\system32\tolonebu.dll"
"c:\windows\system32\wazomotu.dll"
"c:\windows\system32\wezufeva.dll"
"c:\windows\system32\witupibi.dll"
"c:\windows\system32\yumapapa.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\joneyoyi.dll
c:\windows\system32\koveseye.dll
c:\windows\system32\lewubobe.exe
c:\windows\system32\moyizolu.dll
c:\windows\system32\nilajezu.dll
c:\windows\system32\nujorohu.dll
c:\windows\system32\sabifabo.dll
c:\windows\system32\sufamoku.dll
c:\windows\system32\tidadosa.dll
c:\windows\system32\tolonebu.dll
c:\windows\system32\wazomotu.dll
c:\windows\system32\wezufeva.dll
c:\windows\system32\witupibi.dll
c:\windows\system32\yumapapa.dll

.
(((((((((((((((((((((((((   Files Created from 2009-06-28 to 2009-07-28  )))))))))))))))))))))))))))))))
.

2009-07-27 20:32 . 2009-07-27 20:33 -------- d-----w- C:\rsit
2009-07-26 16:47 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-26 16:47 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-24 00:12 . 2009-06-29 04:20 2653070 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\DriverScanner_Setup.exe
2009-07-24 00:12 . 2009-07-24 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-24 00:12 . 2009-07-24 00:12 -------- d-----w- c:\program files\Uniblue
2009-07-24 00:10 . 2006-12-01 22:26 57856 -c--a-w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
2009-07-19 17:25 . 2009-07-19 17:31 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-19 16:46 . 2009-07-19 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-19 16:45 . 2009-07-19 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-19 16:42 . 2009-07-19 16:42 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\AVG8
2009-07-19 06:33 . 2009-07-24 00:12 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\Uniblue
2009-07-19 06:32 . 2009-06-29 04:55 2568250 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-07-19 06:23 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-07-19 06:23 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-07-19 06:23 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-07-19 06:23 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-07-19 06:23 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-07-19 06:23 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-07-19 06:23 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-07-19 06:22 . 2009-07-19 06:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-19 05:34 . 2009-07-19 05:34 -------- d-----w- c:\program files\Trend Micro
2009-07-19 05:15 . 2009-07-19 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-07-19 05:14 . 2009-07-21 21:57 -------- d-----w- c:\program files\RegCure
2009-07-19 01:10 . 2009-07-22 22:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-19 00:42 . 2007-08-02 03:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-18 19:44 . 2009-07-18 19:44 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-18 14:16 . 2009-07-18 21:39 -------- d-----w- c:\program files\iTunes(3)
2009-07-17 01:51 . 2009-07-19 00:16 -------- d-----w- c:\program files\iTunes
2009-07-17 01:45 . 2009-07-17 01:45 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-14 21:51 . 2009-07-14 21:51 491008 ----a-w- c:\documents and settings\Derek Calice\Application Data\lsas.exe
2009-07-05 13:31 . 2004-08-10 10:00 5632 ----a-w- c:\windows\system32\kbdusa.dll
2009-07-05 13:31 . 2004-08-10 10:00 5632 ----a-w- c:\windows\system32\dllcache\kbdusa.dll
2009-07-05 13:31 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2009-07-05 13:31 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-07-05 00:37 . 2009-07-09 20:51 192 ----a-w- c:\windows\567788.bat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 20:28 . 2008-11-12 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-24 00:16 . 2005-11-03 22:56 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\Azureus
2009-07-24 00:12 . 2009-07-24 00:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-07-23 04:03 . 2007-05-17 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-19 00:16 . 2007-08-07 07:07 -------- d-----w- c:\program files\Common Files\Apple
2009-07-17 01:51 . 2005-12-04 15:43 -------- d-----w- c:\program files\iPod
2009-07-17 01:26 . 2007-05-22 21:52 -------- d-----w- c:\documents and settings\Derek Calice\Application Data\LimeWire
2009-07-12 22:32 . 2005-11-03 04:46 -------- d-----w- c:\program files\Lx_cats
2009-06-26 04:50 . 2005-10-29 06:11 93512 -c--a-w- c:\documents and settings\Derek Calice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 22:27 . 2009-06-25 22:27 488960 ----a-w- c:\documents and settings\Derek Calice\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-25 22:27 . 2009-06-25 22:27 319488 ----a-w- c:\documents and settings\Derek Calice\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-24 05:14 . 2009-06-21 22:30 8673792 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-06-24 05:13 . 2009-06-24 05:13 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-06-24 05:01 . 2009-06-24 05:01 -------- d-----w- c:\program files\MSBuild
2009-06-24 05:01 . 2009-06-24 05:01 -------- d-----w- c:\program files\Reference Assemblies
2009-06-21 23:30 . 2009-06-21 22:30 -------- d-----w- c:\program files\Linksys
2009-06-21 23:00 . 2009-06-21 23:00 -------- d-----w- c:\program files\Pure Networks
2009-06-21 22:59 . 2009-06-21 22:59 -------- d-----w- c:\program files\WebEx
2009-06-21 22:35 . 2009-06-21 22:35 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-21 22:35 . 2009-06-21 22:35 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-06-21 22:35 . 2005-10-26 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 22:33 . 2009-06-21 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-06-16 14:36 . 2004-08-19 20:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-19 20:49 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 04:27 . 2006-04-14 02:31 -------- d-----w- c:\program files\QuickTime
2009-06-08 04:23 . 2007-08-06 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-03 19:09 . 2004-08-19 20:49 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 18:36 . 2009-03-18 02:06 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 18:36 . 2007-08-07 07:07 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-13 05:15 . 2004-08-19 20:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 01:25 . 2009-01-12 02:07 10684866 ----a-w- c:\documents and settings\Derek Calice\Application Data\Azureus\plugins\azump\mplayer.exe
2009-05-07 15:32 . 2004-08-19 20:49 345600 ----a-w- c:\windows\system32\localspl.dll
2008-11-12 02:50 . 2008-11-12 02:50 12537 -c--a-w- c:\program files\Common Files\pivemad._sy
2003-06-09 07:58 . 2005-11-04 11:48 1210 -c--a-w- c:\program files\changelog
2003-06-09 07:55 . 2005-11-04 11:48 1096342 -c--a-w- c:\program files\credits.exe
2003-06-09 07:48 . 2005-11-04 11:48 686080 -c--a-w- c:\program files\vcdgear.exe
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
2009-04-21 16:39 . 2005-10-29 13:30 104 --sh--r- c:\windows\system32\F4F8169F3D.sys
2009-04-21 16:39 . 2005-10-29 13:30 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-02-21 192512]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-01-20 299008]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-19 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-09 110592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\Derek Calice\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCULCs]
efcCULCs.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMeCTmM]
qoMeCTmM.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvSkhfc]
tuvSkhfc.dll [BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\KAV\\kis7.0\\english\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

S0 klick;klick;c:\windows\system32\Drivers\klick.sys --> c:\windows\system32\Drivers\klick.sys [?]
S0 klin;klin;c:\windows\system32\Drivers\klin.sys --> c:\windows\system32\Drivers\klin.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/21/2009 3:34 PM 38496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ    QWAVE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-07 13:18]

2009-07-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-28 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-07-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -

BHO-{120DBFC6-9D80-4B34-9DE9-B029BBF0BE24} - (no file)
BHO-{A0369B3C-55DF-0875-FD4D-7FA291CA4B97} - (no file)
BHO-{AC547E2F-BC8E-45C4-BFD7-A22F8712DC7C} - (no file)
BHO-{b447ca80-0edf-4542-a62b-6c365a458a7f} - (no file)
BHO-{DCE17CB4-8005-4C77-BF51-2940464C4EF7} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cox.net/
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: musicmatch.com\online
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://www3.authentium.com/cssrelease/bin/wizard.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 19:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-28 19:29
ComboFix-quarantined-files.txt  2009-07-28 00:29
ComboFix2.txt  2009-07-26 16:56

Pre-Run: 74,335,318,016 bytes free
Post-Run: 74,314,051,584 bytes free

220 --- E O F --- 2009-07-19 00:20

Here is the new HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:19 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: efcCULCs - efcCULCs.dll (file missing)
O20 - Winlogon Notify: qoMeCTmM - qoMeCTmM.dll (file missing)
O20 - Winlogon Notify: tuvSkhfc - tuvSkhfc.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe

--
End of file - 8157 bytes

hi

i had the exact same problem when i upgraded from kas 2009 to 2010 version it was a mess!

i removed 2010 and reinstalled 2009 (8.0.0.506) and it seems to have fixed my issue

good luck

This was not a Kaspersky problem. This was caused by a serious malware infection.

Please launch HijackThis and place a checkmark next to the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: efcCULCs - efcCULCs.dll (file missing)
O20 - Winlogon Notify: qoMeCTmM - qoMeCTmM.dll (file missing)
O20 - Winlogon Notify: tuvSkhfc - tuvSkhfc.dll (file missing)

Close all other windows and and click "Fix Checked". Close HijackThis.

Download and scan each user profile with CCleaner (a good utility to keep and use regularly.):

http://www.ccleaner.com/download/builds

** Select to download the SLIM version.

** Because CCleaner removes everything in temp folders, if you have anything saved in a temp folder, back it up or move it to a permanent folder prior to running CCleaner.

** We will be cleaning cookies as well. Make a note of any passwords, etc. that you want to save. If you do not want to delete cookies, simply uncheck that option.

1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

2. Then select the items you wish to clean up. In the Windows Tab:

• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose. In the Applications Tab:
• Clean all in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

3. Click the "Run Cleaner" button.

4. A pop up box will appear advising this process will permanently delete files from your system.

5. Click "OK" and it will scan and clean your system.

6. Click "exit" when done. REBOOT.

Download -- to your Desktop -- JavaRa.Zip from either of these two sites:
http://prm753.bchea.org/click/click.php?id=9
http://www.majorgeeks.com/JavaRa_d5967.html

• Unzip the download. This will create a new Folder, JavaRa on your Desktop.
• Double click this new Folder to open it, and double click the file within: JavaRa to execute the program.
• Click the button: Remove Older Versions.
• Agree to the cleanup operation by clicking Yes. After a moment, a notice will appear that a log file has been produced. Click OK. Close the Notepad view that opens.
• Click the button: Other Tasks.
• Choose these options:
• Remove Useless JRE Files
  Remove Startup Entry
  Remove JavaRa Logfile
  
• Click Go. When it finishes, click OK to close the panel, and then Exit the program.
• Delete the download, and the unzipped folder and all contents.
• Go to http://java.sun.com/javase/downloads/index.jsp
• Download Java Runtime Environment (JRE) 6 Update 14.
• Select Windows Offline Installation. (You won't need to download the installer separately. For your Windows just click on the filename: jre-6u14-windows-i586-p.exe to download.) SAVE it to your desktop, do not RUN it yet.
• When the download is complete, close all browser windows and double-click on the saved file to install the update. Be patient: It may take five (5) minutes or more for the installation to complete.
• If the installation gives you the option to install a toolbar UNCHECK the option if you don't want it .

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Please post a fresh HijackThis log and let me know how things are running.

BuddaBrutha, Java has an update today, so instead of Update 14, you will be looking for Java Runtime Environment (JRE) 6 Update 15.

The main menu has not been updated, so please use this page:

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u15-oth-JPR@CDS-CDS_Developerhttps://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u15-oth-JPR@CDS-CDS_Developer