
January 2nd, 2008 21:00


January 2nd, 2008 22:00

Hi, I posted my log a couple of days ago but the post got moved down. Here it is again. Thanks, and I'll wait for an answer.

Here is my log for HijackThis. I will await instructions. Thanks!
Gina

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:12 AM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\iTouch\iTouch .exe
C:\Program Files\QdrPack\QdrPack11 .exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snip.net/
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\Owner\LOCALS~1\Temp\ssmmt .exe
O4 - HKLM\..\Run: [ghgjihwb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ghgjihwb.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [WinPerformance] C:\Program Files\WinPerformance\WinPerformance.lnk
O4 - HKLM\..\Run: [dcb11384] rundll32.exe "C:\WINDOWS\system32\rufaeucy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.photoworks.com/pixami/BPImageEditor.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printquick1410.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189611992906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189611976953
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Security Service (MLTK) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://cgi.ebay.com/ws/Courier New
O24 - Desktop Component 1: (no name) - http://www.designerlinensoutlet.com/store/images/frpromo.jpg

--
End of file - 10680 bytes
12-30-2007 10:10 AM
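As an added example (not code from the thread, HijackThis or ComboFix), a Python triage script that applies the checks a log reader makes by eye on entries like the ones in the log above: a space inserted before the extension, autoruns launched from Temp, Run entries that go through rundll32/regsvr32, win.ini load= hooks, MIME filter hijacks and system binary names living outside their normal directory. The sample lines are copied from the posted log; the expected-directory table and the reason strings are the example's own assumptions.

```python
"""Heuristic triage of HijackThis log lines (added example, not forum or tool code)."""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: entries copied from the HijackThis log posted above, mixed
# with known-good lines so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\ctfmon.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstq.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [drmsrv32] C:\DOCUME~1\Owner\LOCALS~1\Temp\ssmmt .exe
O4 - HKLM\..\Run: [ghgjihwb] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ghgjihwb.dll"
O4 - HKLM\..\Run: [dcb11384] rundll32.exe "C:\WINDOWS\system32\rufaeucy.dll",b
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Security Service (MLTK) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
"""

# A space inserted before the extension makes "hkcmd .exe" read like hkcmd.exe.
SPACED_EXT = re.compile(r" \.(?:exe|dll|com|scr)\b", re.IGNORECASE)
# Programs auto-started out of a Temp directory.
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
# Run entries that load a DLL through a trusted Windows loader binary.
LOADER = re.compile(r"\b(?:rundll32|regsvr32)(?:\.exe)?\b", re.IGNORECASE)
# win.ini / system.ini load= and run= hooks (HijackThis F0-F3 entries).
INI_HOOK = re.compile(r"^F[0-3] - REG:(?:win|system)\.ini: (load|run)=(\S.*)$")
# Any Windows path ending in an executable-ish extension; spaces are allowed.
WIN_PATH = re.compile(r'[a-z]:\\[^"\[\],]*?\.(?:exe|dll|com|scr|sys)\b', re.IGNORECASE)
# Assumed home directories for core system binaries; a copy elsewhere is suspect.
SYSTEM_BINARY_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def triage_line(line: str) -> list[str]:
    """Return the reasons this single log line deserves a second look (empty if none)."""
    reasons: list[str] = []
    if SPACED_EXT.search(line):
        reasons.append("space before the file extension (impersonates a legitimate name)")
    if TEMP_DIR.search(line):
        reasons.append("program launched from a Temp directory")
    if line.startswith("O4 ") and LOADER.search(line):
        reasons.append("autorun goes through rundll32/regsvr32; check the DLL it loads")
    hook = INI_HOOK.match(line)
    if hook:
        reasons.append(f"{hook.group(1)}= hook in win.ini/system.ini is rarely legitimate")
    if line.startswith("O18 "):
        reasons.append("MIME filter hijack: this DLL sees every text/html response")
    if line.startswith("O23 ") and "Unknown owner" in line:
        reasons.append("service has no publisher string")
    for path in WIN_PATH.findall(line):
        name = ntpath.basename(path).lower()
        expected = SYSTEM_BINARY_DIRS.get(name)
        if expected and ntpath.dirname(path).lower() != expected:
            reasons.append(f"{name} outside {expected}")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole log, keeping only the lines that have findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    -", reason)
```

Flagged lines are leads for a human reviewer, not verdicts: a legitimate entry can trip one heuristic, which is why each finding carries its reasons.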


January 3rd, 2008 00:00


trot

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
  • Close any open browsers.
  • Double click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of the C:\ComboFix.txt into your next reply.
  • Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

Microsoft MVP Windows-Security

"The world is what you make of it"


January 3rd, 2008 11:00

ComboFix 08-01-03.4 - Owner 2008-01-03 7:52:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\ghgjihwb.dll
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft Works\WkDetect.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\winperformance
C:\Program Files\winperformance\extensions\index.ext
C:\Program Files\winperformance\extensions\main.dll
C:\Program Files\winperformance\extensions\main.mdb
C:\Program Files\winperformance\files\warn_bad.bmp
C:\Program Files\winperformance\files\warn_trusted.bmp
C:\Program Files\winperformance\files\warn_unknown.bmp
C:\Program Files\winperformance\registry_backup\2007.12.27 18.02.19.rb
C:\Program Files\winperformance\registry_backup\2007.12.27 18.09.35.rb
C:\Program Files\winperformance\scan.archive
C:\Program Files\winperformance\uninstall.exe
C:\Program Files\winperformance\WinPerformance.exe
C:\Program Files\winperformance\WinPerformance.ini
C:\Program Files\winperformance\WinPerformance.lnk
C:\Program Files\winperformance\zlib.dll
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\rJsyuUVdGa.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fwcsowiu.ini
C:\WINDOWS\system32\ghvqrmfq.dll
C:\WINDOWS\system32\jbaqukgo.dll
C:\WINDOWS\system32\jrdtwqjs.dll
C:\WINDOWS\system32\kcsoxbxc.dll
C:\WINDOWS\system32\khfcaaa.dll
C:\WINDOWS\system32\kynqfhjt.ini
C:\WINDOWS\system32\lendfcjp.dll
C:\WINDOWS\system32\lgvtcilt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\pifwanag.dll
C:\WINDOWS\system32\qnwofqek.dll
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\RCX32.tmp
C:\WINDOWS\system32\RCX33.tmp
C:\WINDOWS\system32\RCX34.tmp
C:\WINDOWS\system32\RCX35.tmp
C:\WINDOWS\system32\RCX36.tmp
C:\WINDOWS\system32\RCX38.tmp
C:\WINDOWS\system32\rufaeucy.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tjhfqnyk.dll
C:\WINDOWS\system32\uiwoscwf.dll
C:\WINDOWS\system32\vcoibkii.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.exe
C:\WINDOWS\system32\vuopwgxs.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\ycueafur.ini
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe


January 3rd, 2008 11:00

Second half of message:

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 08:21 . 2008-01-03 08:21 318 --ahs---- C:\WINDOWS\system32\qtstv.ini
2008-01-03 08:20 . 2008-01-03 08:20 337,920 --a------ C:\WINDOWS\system32\vtstq.dll
2008-01-03 08:20 . 2008-01-03 08:20 122,880 --a------ C:\WINDOWS\BCMSMMSG .exe
2008-01-03 07:53 . 2008-01-03 07:53 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-03 07:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 07:10 . 2008-01-01 07:10 1,031,499 ---hs---- C:\WINDOWS\system32\rnnndeyo.ini
2007-12-30 16:14 . 2007-12-31 19:06 1,031,439 ---hs---- C:\WINDOWS\system32\rmcyneng.ini
2007-12-30 16:11 . 2007-12-30 16:11 1,031,139 --ahs---- C:\WINDOWS\system32\kxecakle.ini
2007-12-30 11:07 . 2007-12-30 11:07 d-------- C:\Program Files\Trend Micro
2007-12-29 16:07 . 2007-12-29 16:16 1,031,259 --ahs---- C:\WINDOWS\system32\krgdgdfn.ini
2007-12-28 16:16 . 2007-12-29 02:25 1,031,208 --ahs---- C:\WINDOWS\system32\lwsgnkhv.ini
2007-12-28 16:10 . 2007-12-28 16:16 1,031,139 --ahs---- C:\WINDOWS\system32\lbskchjb.ini
2007-12-28 13:11 . 2007-12-28 13:11 d-------- C:\Program Files\RcvSystem
2007-12-27 16:42 . 2007-12-27 17:32 d-------- C:\Program Files\Norton AntiVirus
2007-12-27 16:39 . 2007-12-27 17:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-27 16:39 . 2007-12-27 17:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-27 16:37 . 2007-12-27 17:16 d-------- C:\Program Files\Symantec
2007-12-27 13:18 . 2007-12-27 13:18 d-------- C:\WINDOWS\rwrwhdfc
2007-12-27 13:18 . 2007-12-27 13:18 d-------- C:\WINDOWS\KBOpt
2007-12-27 13:18 . 2007-12-27 13:18 63,488 --a------ C:\WINDOWS\cxojihun.dll
2007-12-27 13:18 . 2007-12-27 13:18 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-27 05:33 . 2007-12-27 05:33 1,027,522 ---hs---- C:\WINDOWS\system32\vqwjmmlb.ini
2007-12-24 15:10 . 2007-12-24 15:10 d-------- C:\WINDOWS\system32\svcd
2007-12-24 15:10 . 2007-12-27 13:17 3,638 --a------ C:\info.exe
2007-12-24 15:10 . 2008-01-03 08:19 114 --a------ C:\WINDOWS\system32\url3
2007-12-24 15:10 . 2008-01-03 08:19 102 --a------ C:\WINDOWS\system32\url2
2007-12-24 15:10 . 2008-01-03 08:19 102 --a------ C:\WINDOWS\system32\url1
2007-12-24 15:10 . 2008-01-03 08:19 8 --a------ C:\WINDOWS\system32\CID
2007-12-24 15:10 . 2007-12-24 15:10 4 --a------ C:\WINDOWS\system32\SvcNm
2007-12-24 12:36 . 2007-12-26 13:02 1,018,787 ---hs---- C:\WINDOWS\system32\tehdxubn.ini
2007-12-23 12:36 . 2008-01-01 09:27 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 12:32 . 2007-12-31 12:43 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-23 12:20 . 2007-12-23 12:20 d-------- C:\Program Files\Windows Sidebar
2007-12-23 07:23 . 2007-12-23 07:31 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2007-12-03 20:57 . 2007-12-27 17:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-03 20:57 . 2007-12-27 17:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-01-03 16:21 358,400 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-01-03 16:21 341,504 ----a-w C:\WINDOWS\system32\vtstq.exe
2008-01-03 16:07 --------- d-----w C:\Program Files\QuickTime
2008-01-03 16:07 --------- d-----w C:\Program Files\Microsoft Works
2008-01-02 16:11 466,432 ----a-w C:\WINDOWS\BCMSMMSG.exe
2007-12-31 20:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-27 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 16:53 --------- d-----w C:\Program Files\Trojan Remover
2007-12-23 16:39 --------- d-----w C:\Program Files\Common Files\Command Software
2007-12-12 05:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-12-04 04:39 --------- d-----w C:\Program Files\Common Files\Panda Software
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-10-24 14:03 1,164,456 ----a-w C:\Documents and Settings\Owner\install_flash_player.exe
2007-01-05 16:30 439,296 ----a-w C:\Documents and Settings\Owner\GoToAssist_phone__317_en.exe
2005-08-19 20:26 389,120 ----a-w C:\Documents and Settings\Owner\remote.exe
2007-08-28 05:24 168 --sh--r C:\WINDOWS\system32\48B3F60C57.sys
2007-08-28 05:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

----a-w 851,968 2008-01-02 03:25:48 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w 51,048 2007-12-28 00:01:51 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 68,856 2007-12-23 20:36:59 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 892,928 2008-01-02 03:25:50 C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w 28,739 2008-01-02 03:25:39 C:\Program Files\Microsoft Works\WkDetect .exe
----a-w 53,248 2008-01-02 03:25:44 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w 135,168 2007-12-31 01:36:15 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w 429,568 2008-01-02 03:25:08 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 17:26:01 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 03:04:31 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 20:42:50 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 08:57:13 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 01:35:53 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 01:37:45 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:32:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:48:48 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:03:41 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-26 20:44:22 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-25 23:14:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-24 22:45:01 C:\Program Files\QuickTime\qttask .exe
----a-w 679,936 2008-01-02 03:25:34 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 385,024 2008-01-02 03:25:40 C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w 204,288 2007-12-24 22:45:59 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 77,892 2007-12-27 19:49:08 C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130 .EXE
----a-w 122,880 2008-01-03 16:20:31 C:\WINDOWS\BCMSMMSG .exe
----a-w 15,360 2008-01-01 17:27:00 C:\WINDOWS\system32\ctfmon .exe
----a-w 126,976 2007-12-31 20:43:48 C:\WINDOWS\system32\hkcmd .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{167F8FE2-A265-4004-804E-ACB6FD84B189}]
2008-01-03 08:20 337920 --a------ C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-27 16:49 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8de4bca-1dd1-11b2-b626-a5d707838c8d}]
2007-12-27 13:18 63488 --a------ C:\WINDOWS\cxojihun.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"LDM"="\Program\BackWeb-8876480.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"BCMSMMSG"="BCMSMMSG.exe" [2008-01-02 08:11 466432 C:\WINDOWS\BCMSMMSG.exe]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 21:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 20:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 12:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtstq.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtstq

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
backup=C:\WINDOWS\pss\CorelCENTRAL 9.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
backup=C:\WINDOWS\pss\CorelCENTRAL Alarms.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
backup=C:\WINDOWS\pss\Desktop Application Director 9.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
2005-05-23 12:20 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 08:59 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 14:04 40960 --a------ C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
2005-04-10 16:30 180278 --a------ C:\Program Files\Verizon\Internet Security Suite\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 13:46 57393 --a------ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 08:16 49152 --------- C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2005-06-30 14:07 282768 --a------ C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 12:00 24576 --a------ C:\Program Files\Microsoft Works\wkfud.exe

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 21:07]
R2 MLTK;Security Service;C:\WINDOWS\system32\svcd\svchost.exe [2007-12-24 15:10]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 19:15]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
R3 USB20L;Linksys USB 2.0 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\USB200M.sys [2002-09-23 22:35]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 12:55]
S3 EraserUtilDrvI4;EraserUtilDrvI4;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
.

Contents of the 'Scheduled Tasks' folder
"2008-01-02 17:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-01 05:44:57 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job" - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2007-12-31 16:00:00 C:\WINDOWS\Tasks\Windows Update.job" - C:\WINDOWS\system32\wupdmgr.exe
.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 08:20:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\BCMSMMSG .exe 122880 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtstq.dll

.
Completion time: 2008-01-03 8:30:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 16:30:19

Message Edited by trot on 01-03-2008 07:47 AM

10.4K Posts

January 3rd, 2008 13:00


trot

The second part of the Combofix log is unreadable as posted

When you compose and submit your reply, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked or your reply may not format correctly.

Then Repost the Combofix results









Microsoft MVP Windows-Security



"The world is what you make of it"





172 Posts

January 3rd, 2008 14:00

part two



((((((((((((((((((((((((((((( snapshot@2008-01-03_ 8.29.03.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-03 16:21:17 358,400 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2004-08-04 07:56:48 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-12-27 16:49 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D28DE57C-3BB5-4887-94E8-3279C5224ACE}]
2008-01-03 11:40 337920 --------- C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8de4bca-1dd1-11b2-b626-a5d707838c8d}]
2007-12-27 13:18 63488 --a------ C:\WINDOWS\cxojihun.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"LDM"="\Program\BackWeb-8876480.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"BCMSMMSG"="BCMSMMSG.exe" [2008-01-02 08:11 466432 C:\WINDOWS\BCMSMMSG.exe]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [ ]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 21:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 20:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 12:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\vtstq.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\vtstq

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 9.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 9.LNK
backup=C:\WINDOWS\pss\CorelCENTRAL 9.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
backup=C:\WINDOWS\pss\CorelCENTRAL Alarms.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
backup=C:\WINDOWS\pss\Desktop Application Director 9.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
2005-05-23 12:20 50744 --a------ C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 08:59 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 14:04 40960 --a------ C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Suite]
2005-04-10 16:30 180278 --a------ C:\Program Files\Verizon\Internet Security Suite\Freedom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 13:46 57393 --a------ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 08:16 49152 --------- C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a------ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2005-06-30 14:07 282768 --a------ C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-08-08 12:00 24576 --a------ C:\Program Files\Microsoft Works\wkfud.exe

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 21:07]
R2 MLTK;Security Service;C:\WINDOWS\system32\svcd\svchost.exe [2007-12-24 15:10]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 19:15]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
R3 USB20L;Linksys USB 2.0 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\USB200M.sys [2002-09-23 22:35]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 12:55]
S3 EraserUtilDrvI4;EraserUtilDrvI4;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-03 17:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-01 05:44:57 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
"2007-12-31 16:00:00 C:\WINDOWS\Tasks\Windows Update.job"
- C:\WINDOWS\system32\wupdmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 11:41:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\qtstv.ini

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\vtstq.dll
.
Completion time: 2008-01-03 11:48:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 19:48:14
ComboFix2.txt 2008-01-03 16:30:30

172 Posts

January 3rd, 2008 14:00

Sorry I tried to fix it but it didn't help. I had to put it in two posts because I got a message saying the post was too large.


ComboFix 08-01-03.4 - Owner 2008-01-03 11:21:33.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vtstq.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 11:39 . 2008-01-03 11:40 337,920 --------- C:\WINDOWS\system32\vtstq.dll
2008-01-03 08:20 . 2008-01-03 11:40 122,880 --a------ C:\WINDOWS\BCMSMMSG .exe
2008-01-03 07:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 07:10 . 2008-01-01 07:10 1,031,499 ---hs---- C:\WINDOWS\system32\rnnndeyo.ini
2007-12-30 16:14 . 2007-12-31 19:06 1,031,439 ---hs---- C:\WINDOWS\system32\rmcyneng.ini
2007-12-30 16:11 . 2007-12-30 16:11 1,031,139 --ahs---- C:\WINDOWS\system32\kxecakle.ini
2007-12-30 11:07 . 2007-12-30 11:07 d-------- C:\Program Files\Trend Micro
2007-12-29 16:07 . 2007-12-29 16:16 1,031,259 --ahs---- C:\WINDOWS\system32\krgdgdfn.ini
2007-12-28 16:16 . 2007-12-29 02:25 1,031,208 --ahs---- C:\WINDOWS\system32\lwsgnkhv.ini
2007-12-28 16:10 . 2007-12-28 16:16 1,031,139 --ahs---- C:\WINDOWS\system32\lbskchjb.ini
2007-12-28 13:11 . 2007-12-28 13:11 d-------- C:\Program Files\RcvSystem
2007-12-27 16:42 . 2007-12-27 17:32 d-------- C:\Program Files\Norton AntiVirus
2007-12-27 16:39 . 2007-12-27 17:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-27 16:39 . 2007-12-27 17:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-27 16:37 . 2007-12-27 17:16 d-------- C:\Program Files\Symantec
2007-12-27 13:18 . 2007-12-27 13:18 d-------- C:\WINDOWS\rwrwhdfc
2007-12-27 13:18 . 2007-12-27 13:18 d-------- C:\WINDOWS\KBOpt
2007-12-27 13:18 . 2007-12-27 13:18 63,488 --a------ C:\WINDOWS\cxojihun.dll
2007-12-27 13:18 . 2007-12-27 13:18 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-27 05:33 . 2007-12-27 05:33 1,027,522 ---hs---- C:\WINDOWS\system32\vqwjmmlb.ini
2007-12-24 15:10 . 2007-12-24 15:10 d-------- C:\WINDOWS\system32\svcd
2007-12-24 15:10 . 2007-12-27 13:17 3,638 --a------ C:\info.exe
2007-12-24 15:10 . 2008-01-03 11:39 114 --a------ C:\WINDOWS\system32\url3
2007-12-24 15:10 . 2008-01-03 11:39 102 --a------ C:\WINDOWS\system32\url2
2007-12-24 15:10 . 2008-01-03 11:39 102 --a------ C:\WINDOWS\system32\url1
2007-12-24 15:10 . 2008-01-03 11:39 8 --a------ C:\WINDOWS\system32\CID
2007-12-24 15:10 . 2007-12-24 15:10 4 --a------ C:\WINDOWS\system32\SvcNm
2007-12-24 12:36 . 2007-12-26 13:02 1,018,787 ---hs---- C:\WINDOWS\system32\tehdxubn.ini
2007-12-23 12:36 . 2008-01-01 09:27 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 12:32 . 2007-12-31 12:43 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-23 12:20 . 2007-12-23 12:20 d-------- C:\Program Files\Windows Sidebar
2007-12-23 07:23 . 2007-12-23 07:31 d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
2007-12-03 20:57 . 2007-12-27 17:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-03 20:57 . 2007-12-27 17:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 16:07 --------- d-----w C:\Program Files\QuickTime
2008-01-03 16:07 --------- d-----w C:\Program Files\Microsoft Works
2008-01-02 16:11 466,432 ----a-w C:\WINDOWS\BCMSMMSG.exe
2007-12-31 20:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-27 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 16:53 --------- d-----w C:\Program Files\Trojan Remover
2007-12-23 16:39 --------- d-----w C:\Program Files\Common Files\Command Software
2007-12-12 05:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-12-04 04:39 --------- d-----w C:\Program Files\Common Files\Panda Software
2007-12-01 07:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 07:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 07:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 07:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 07:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 07:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 07:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 07:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-10-24 14:03 1,164,456 ----a-w C:\Documents and Settings\Owner\install_flash_player.exe
2007-01-05 16:30 439,296 ----a-w C:\Documents and Settings\Owner\GoToAssist_phone__317_en.exe
2005-08-19 20:26 389,120 ----a-w C:\Documents and Settings\Owner\remote.exe
2007-08-28 05:24 168 --sh--r C:\WINDOWS\system32\48B3F60C57.sys
2007-08-28 05:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

----a-w 851,968 2008-01-02 03:25:48 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w 51,048 2007-12-28 00:01:51 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 68,856 2007-12-23 20:36:59 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 892,928 2008-01-02 03:25:50 C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w 28,739 2008-01-02 03:25:39 C:\Program Files\Microsoft Works\WkDetect .exe
----a-w 53,248 2008-01-02 03:25:44 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w 135,168 2007-12-31 01:36:15 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w 429,568 2008-01-02 03:25:08 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 17:26:01 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 03:04:31 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 20:42:50 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 08:57:13 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 01:35:53 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 01:37:45 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:32:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:48:48 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:03:41 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-26 20:44:22 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-25 23:14:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-24 22:45:01 C:\Program Files\QuickTime\qttask .exe
----a-w 679,936 2008-01-02 03:25:34 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 385,024 2008-01-02 03:25:40 C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w 204,288 2007-12-24 22:45:59 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 77,892 2007-12-27 19:49:08 C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130 .EXE
----a-w 122,880 2008-01-03 19:40:02 C:\WINDOWS\BCMSMMSG .exe
----a-w 15,360 2008-01-01 17:27:00 C:\WINDOWS\system32\ctfmon .exe
----a-w 126,976 2007-12-31 20:43:48 C:\WINDOWS\system32\hkcmd .exe

10.4K Posts

January 3rd, 2008 20:00


trot

We have some work to do here.

Go HERE and download RenV.exe by sUBs
  • Save it to your Desktop
  • Double click it to run it
  • When it has finished, it will produce a log for you
  • Copy and paste that log (Log.txt) as a reply to this thread




172 Posts

January 3rd, 2008 23:00

Here is the log. I will continue to try and check it again tonight.





Ran on Thu 01/03/2008 - 19:59:12.56

----a-w 851,968 2008-01-02 03:25:48 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w 51,048 2007-12-28 00:01:51 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 68,856 2007-12-23 20:36:59 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 892,928 2008-01-02 03:25:50 C:\Program Files\Logitech\iTouch\iTouch .exe
----a-w 28,739 2008-01-02 03:25:39 C:\Program Files\Microsoft Works\WkDetect .exe
----a-w 53,248 2008-01-02 03:25:44 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w 135,168 2007-12-31 01:36:15 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w 429,568 2008-01-02 03:25:08 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 17:26:01 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 03:04:31 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 20:42:50 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 08:57:13 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 01:35:53 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 01:37:45 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:32:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:48:48 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:03:41 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-26 20:44:22 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-25 23:14:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-24 22:45:01 C:\Program Files\QuickTime\qttask .exe
----a-w 679,936 2008-01-02 03:25:34 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w 385,024 2008-01-02 03:25:40 C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
----a-w 204,288 2007-12-24 22:45:59 C:\Program Files\Windows Media Player\WMPNSCFG .exe
----a-w 77,892 2007-12-27 19:49:08 C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130 .EXE
----a-w 122,880 2008-01-03 19:40:02 C:\WINDOWS\BCMSMMSG .exe
----a-w 15,360 2008-01-01 17:27:00 C:\WINDOWS\system32\ctfmon .exe
----a-w 126,976 2007-12-31 20:43:48 C:\WINDOWS\system32\hkcmd .exe

Entries: 28 (28)
Directories: 0 Files: 28
Bytes: 9,708,263 Blocks: 18,964

10.4K Posts

January 4th, 2008 12:00


trot

1. Open Notepad (Not Wordpad), copy and paste the following into Notepad

C:\Program Files\Brother\ControlCenter2\brctrcen .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Logitech\iTouch\iTouch .exe
C:\Program Files\Microsoft Works\WkDetect .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\Program Files\Verizon Online\Help Support\SmartBridge\MotiveSB .exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe
C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130 .EXE
C:\WINDOWS\BCMSMMSG .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe

Save the file as Log.txt and save it to your desktop
Then using the image below as a reference, drag Log.txt into RenZV.exe

user posted image
It will produce another log for you
Copy and paste that log as a reply to this thread


172 Posts

January 4th, 2008 14:00

OK, here is the log. Also please note that since the first scan the desktop has gone from a black background w/icons to a plain blue background w/icons. (Don't know if this means anything.)

Gina


Ran on Fri 01/04/2008 - 11:30:02.03

------w 51,048 2007-12-28 00:01:51 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 429,568 2008-01-02 03:25:08 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 17:26:01 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 03:04:31 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 20:42:50 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 08:57:13 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 01:35:53 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 01:37:45 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:32:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:48:48 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:03:41 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-26 20:44:22 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-25 23:14:52 C:\Program Files\QuickTime\qttask .exe

Entries: 14 (14)
Directories: 0 Files: 14
Bytes: 5,635,432 Blocks: 11,007

172 Posts

January 4th, 2008 15:00

Here's the latest.


Ran on Fri 01/04/2008 - 12:40:23.21

------w 51,048 2007-12-28 00:01:51 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 429,568 2008-01-02 03:25:08 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 17:26:01 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 03:04:31 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 20:42:50 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 08:57:13 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-31 01:35:53 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 01:37:45 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:32:52 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-28 00:01:14 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:48:48 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-27 19:03:41 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-26 20:44:22 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2007-12-25 23:14:52 C:\Program Files\QuickTime\qttask .exe

Entries: 14 (14)
Directories: 0 Files: 14
Bytes: 5,635,432 Blocks: 11,007

10.4K Posts

January 4th, 2008 15:00


trot

It means we are making progress.

Right-click and delete the Log.txt file we made earlier; we are going to make another.

1. Open Notepad (Not Wordpad), copy and paste the following into Notepad

C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe

Save the file as Log.txt and save it to your desktop
Then using the image below as a reference, drag Log.txt into RenZV.exe

user posted image
It will produce another log for you
Copy and paste that log as a reply to this thread

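The two Log.txt instructions above (the January 4th 12:00 and 15:00 posts) both come down to pulling out of the RenV output every path whose file name carries a space before its extension, for example "qttask .exe" sitting beside the genuine qttask.exe. The same ComboFix logs also show a second naming tell: vtstq.dll next to qtstv.ini, the .ini stem being the .dll stem spelled backwards. The script below is an added example written for this page, not code from RenV, ComboFix or the thread; it assumes the RenV line layout seen above (attribute flags, size, date, time, path) and uses a constructed sample built from paths posted in the thread. Both heuristics are the editor's own and are meant for triage, not as proof of infection.

```python
"""Triage heuristics over RenV/ComboFix-style file listings (added example).

Flags (1) executables whose name has a space before the extension and
(2) .ini files whose stem is the reverse of a .dll stem in the same folder.
Assumed RenV layout: <attrs> <size> <YYYY-MM-DD> <HH:MM:SS> <path>.
"""
import re
from collections import Counter

# One RenV-style line: 7 attribute flags, size with thousands separators,
# date, time, then the path (which may itself contain spaces).
LINE_RE = re.compile(
    r"^(?P<attr>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)
# A space immediately before the final extension of the file name.
SPACE_EXT_RE = re.compile(r" \.[A-Za-z0-9]+$")


def parse_renv_log(text):
    """Return a dict per line that matches the RenV layout; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"].replace(",", ""))
            entries.append(d)
    return entries


def split_path(path):
    """Split a Windows path into (directory, file name) without os.path,
    so the check behaves identically on non-Windows analysis hosts."""
    head, sep, name = path.rpartition("\\")
    return (head if sep else "", name)


def has_space_before_extension(path):
    return SPACE_EXT_RE.search(split_path(path)[1]) is not None


def find_space_ext_files(entries):
    """Paths with a space before the extension, first-seen order, with the
    number of times each path occurred in the log (RenV repeats some)."""
    counts = Counter(e["path"] for e in entries if has_space_before_extension(e["path"]))
    return list(counts.items())


def find_reversed_ini_pairs(paths):
    """(ini_path, dll_path) pairs where the .ini stem is the reverse of a
    .dll stem in the same directory, compared case-insensitively."""
    dlls = {}
    for p in paths:
        d, name = split_path(p)
        stem, _, ext = name.rpartition(".")
        if ext.lower() == "dll":
            dlls[(d.lower(), stem.lower())] = p
    pairs = []
    for p in paths:
        d, name = split_path(p)
        stem, _, ext = name.rpartition(".")
        if ext.lower() == "ini" and (d.lower(), stem.lower()[::-1]) in dlls:
            pairs.append((p, dlls[(d.lower(), stem.lower()[::-1])]))
    return pairs


# Constructed sample in the RenV layout. The flagged paths mirror the log
# posted in this thread; the ctfmon.exe line is a clean control entry.
SAMPLE_RENV_LOG = r"""Ran on Fri 01/04/2008 - 11:30:02.03

------w 51,048 2007-12-28 00:01:51 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 429,568 2008-01-02 03:25:08 C:\Program Files\QuickTime\qttask .exe
----a-w 429,568 2008-01-01 17:26:01 C:\Program Files\QuickTime\qttask .exe
----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\ctfmon.exe

Entries: 4 (4)
"""

# Constructed list modelled on the "Other Deletions" section of the ComboFix log.
SAMPLE_CREATED_FILES = [
    r"C:\WINDOWS\system32\qtstv.ini",
    r"C:\WINDOWS\system32\qtstv.ini2",
    r"C:\WINDOWS\system32\vtstq.dll",
    r"C:\WINDOWS\system32\vtstq.exe",
    r"C:\WINDOWS\system32\jpewocmz.ini",  # no reversed .dll partner: not flagged
]


def report():
    entries = parse_renv_log(SAMPLE_RENV_LOG)
    return {
        "entries": len(entries),
        "space_ext": find_space_ext_files(entries),
        "reversed_pairs": find_reversed_ini_pairs(SAMPLE_CREATED_FILES),
    }


if __name__ == "__main__":
    res = report()
    print("Parsed", res["entries"], "RenV lines")
    for path, n in res["space_ext"]:
        print(f"  space before extension ({n}x): {path}")
    for ini, dll in res["reversed_pairs"]:
        print(f"  reversed-name pair: {ini} <-> {dll}")
```

The space-before-extension list is exactly what the helper pastes into Log.txt, so running this over a saved RenV log reproduces that step without retyping paths; the reversed-name check is a separate pass over a plain list of paths because that pattern shows up in the ComboFix file listing rather than in RenV output.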

172 Posts

January 5th, 2008 12:00

Norton had a pop up saying that it blocked or is trying to block a trojan.vundo virus.
No Events found!
