First off, I have to apologize. You know when you told me to delete those zip files at C:\Documents and Settings\David\Shared? Well, I did, but I manually deleted them (I went there and clicked on them and then I clicked delete), and not till your last step did I realize that you had instructed ComboFix to delete them for me... But I am telling you this to assure you they ARE DELETED!!!!!!!! And also, here are those logs you asked for.
Here is the ComboFix log:
"David" - 2007-07-08 13:02:19 - ComboFix 07-07-04.4 - Service Pack 2
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\David\APPLIC~1\Viewpoint
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1699046308.mtj&p2=1&p3=12369614062899471727616304244719&p4=50463258
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\DOCUME~1\David\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\Program Files\Common Files\Panda Software
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\WINDOWS\ScUnin.pif
((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))
2007-07-08 12:53 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-08 12:53 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-08 12:53 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-08 12:53 1,250 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-07 15:20 <DIR> d-------- C:\Program Files\7-Zip
2007-07-06 13:35 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-06 12:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 10:01 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\Uniblue
2007-07-06 09:46 <DIR> d-------- C:\WINDOWS\setupupd
2007-07-05 09:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-05 09:01 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\SUPERAntiSpyware.com
2007-07-05 09:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-05 08:23 <DIR> d-------- C:\DOCUME~1\David\.SunDownloadManager
2007-07-04 21:20 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
2007-07-04 12:45 <DIR> d-------- C:\Program Files\GameSpot
2007-07-03 21:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-07-03 21:34 <DIR> d-------- C:\Program Files\Autodesk
2007-07-03 09:43 <DIR> d-------- C:\VB4Run
2007-07-03 09:36 <DIR> d-------- C:\VB3Run
2007-07-03 09:32 <DIR> d-------- C:\Program Files\Camelot Systems
2007-07-03 09:23 <DIR> d-------- C:\Program Files\IGN
2007-07-03 08:16 <DIR> d-------- C:\Program Files\ifns
2007-07-03 08:16 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\ifns
2007-07-02 21:24 <DIR> d-------- C:\BSA
2007-07-02 14:41 <DIR> d-------- C:\Program Files\WGV
2007-07-02 11:23 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-02 11:23 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-07-02 11:23 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-02 11:22 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-02 11:22 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-02 09:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-07-02 09:43 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2007-07-02 09:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
2007-07-02 08:46 <DIR> d-------- C:\Program Files\Bonjour
2007-07-02 08:39 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-01 19:13 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-07-01 19:13 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-06-30 18:37 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\RecordPad
2007-06-30 18:37 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\NCH Swift Sound
2007-06-30 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
2007-06-30 18:36 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-06-30 14:48 <DIR> d-------- C:\Program Files\GetDiz
2007-06-30 13:00 <DIR> d-------- C:\Program Files\ePrompter
2007-06-29 06:31 <DIR> d-------- C:\Program Files\PowerISO
2007-06-29 03:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-28 07:19 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-06-28 07:18 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-06-28 07:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-06-28 07:17 <DIR> d-------- C:\Program Files\Logitech
2007-06-27 20:49 <DIR> d-------- C:\Program Files\Yawcam
2007-06-27 19:44 <DIR> d-------- C:\Program Files\TrackerChecker
2007-06-27 16:58 1,031,680 --a------ C:\WINDOWS\explorerkonshu.exe
2007-06-27 15:12 <DIR> d-------- C:\Program Files\TightVNC
2007-06-27 08:53 <DIR> d-------- C:\Program Files\Cain
2007-06-27 07:52 <DIR> d-------- C:\Program Files\Nmap
2007-06-26 12:37 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-06-26 12:33 <DIR> d-------- C:\Program Files\MSBuild
2007-06-26 12:12 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-06-26 12:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-06-26 12:10 180,224 --a------ C:\WINDOWS\system32\nvuaudio.exe
2007-06-26 12:10 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-06-26 11:53 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-06-26 11:53 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-06-26 11:53 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-06-26 11:30 <DIR> d-------- C:\Program Files\FairUse Wizard 2
2007-06-25 17:27 <DIR> d-------- C:\Program Files\PolderbitS
2007-06-25 13:49 <DIR> d-------- C:\Program Files\CounterPath
2007-06-25 13:39 <DIR> d-------- C:\Program Files\XemiComputers
2007-06-24 21:05 <DIR> d-------- C:\Program Files\Red Kawa
2007-06-24 09:56 <DIR> d-------- C:\Program Files\XviD
2007-06-23 21:14 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-06-23 21:14 <DIR> d-------- C:\WINDOWS\system32\RMBin
2007-06-23 21:14 <DIR> d-------- C:\Program Files\Apex
2007-06-23 14:04 <DIR> d-------- C:\Program Files\Microsoft Bootvis
2007-06-22 18:15 <DIR> d-------- C:\Program Files\Passware
2007-06-21 16:38 <DIR> d-------- C:\Program Files\MySecretCodes Toolbar
2007-06-21 14:46 <DIR> d-------- C:\Program Files\Myspace Enhanced
2007-06-21 14:46 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\MyspaceEnhanced
2007-06-21 11:43 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\tunebite
2007-06-21 11:42 16,640 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2007-06-21 11:42 <DIR> d-------- C:\Program Files\Tunebite
2007-06-20 19:37 <DIR> d-------- C:\DOCUME~1\David\New Folder
2007-06-20 14:25 <DIR> d-------- C:\Program Files\HTTP-Tunnel
2007-06-20 13:59 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\Obsidium
2007-06-20 11:14 1,156 --a------ C:\WINDOWS\mozver.dat
2007-06-20 07:47 <DIR> d-------- C:\Program Files\XBC
2007-06-19 15:45 <DIR> d-------- C:\Program Files\A-FF Repair Station
2007-06-18 09:14 <DIR> d-------- C:\Program Files\Bethesda Softworks
2007-06-18 08:57 <DIR> d-------- C:\Program Files\Smart Projects
2007-06-16 21:54 <DIR> d-------- C:\Program Files\Telemarketing Blocker
2007-06-16 19:53 241,664 --a------ C:\ChaosMash_v2.5.exe
2007-06-14 22:31 <DIR> d-------- C:\ConverterOutput
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-05 21:23:12 -------- d--h--w C:\DOCUME~1\David\APPLIC~1\Move Networks
2007-07-05 14:00:56 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-04 23:02:16 -------- d-----w C:\DOCUME~1\David\APPLIC~1\IGN_DLM
2007-07-04 12:18:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-04 12:18:35 -------- d-----w C:\Program Files\CyberLink
2007-07-04 12:01:46 -------- d-----w C:\Program Files\gbVRML
2007-07-04 11:55:32 -------- d-----w C:\Program Files\Apple Software Update
2007-06-30 23:25:32 -------- d-s---w C:\Program Files\Xfire
2007-06-26 18:42:34 -------- d-----w C:\Program Files\AvRack
2007-06-26 15:30:12 -------- d-----w C:\Program Files\AlienGUIse
2007-06-25 18:49:51 -------- d-----w C:\DOCUME~1\David\APPLIC~1\Xfire
2007-06-21 14:14:25 -------- d-----w C:\Program Files\Free WMA to MP3 Converter
2007-06-14 17:16:09 -------- d-----w C:\Program Files\AIM6
2007-06-14 14:43:55 -------- d-----w C:\Program Files\Twaddle Software
2007-06-13 21:24:30 -------- d-----w C:\DOCUME~1\David\APPLIC~1\CyberLink
2007-06-12 16:35:25 -------- d-----w C:\DOCUME~1\David\APPLIC~1\AdobeUM
2007-06-12 13:42:02 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-12 02:04:18 2,423,296 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-06-11 21:46:06 -------- d-----w C:\Program Files\Linksys EasyLink Advisor
2007-06-08 01:33:40 -------- d-----w C:\Program Files\MidiMeow
2007-06-07 19:47:28 -------- d-----w C:\Program Files\WAVSPLITTER
2007-06-07 19:41:33 -------- d-----w C:\Program Files\MP3 to WAV Decoder
2007-06-05 18:41:52 -------- d-----w C:\DOCUME~1\David\APPLIC~1\MySpace
2007-06-05 18:41:50 -------- d-----w C:\Program Files\MySpace
2007-06-04 14:37:18 -------- d-----w C:\Program Files\Free Internet Window Washer
2007-06-04 06:45:08 -------- d--h--w C:\DOCUME~1\David\APPLIC~1\GTek
2007-06-04 06:44:40 29,184 ----a-w C:\WINDOWS\system32\drivers\goprot51.sys
2007-06-03 21:06:49 -------- d-----w C:\Program Files\Microsoft Games
2007-05-20 21:36:43 15,781 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-05-20 21:36:40 -------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 21:37:58 -------- d-----w C:\Program Files\QuickTime
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-08 14:36:49 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-04-08 14:36:49 10,494 ----a-w C:\WINDOWS\scunin.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
2007-03-16 15:13 118784 --a------ D:\Adobe CS3 Master Collection\/Adobe Contribute CS3/contributeieplugin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-06-14 18:32 509592 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2007-03-29 22:11 321120 --a------ D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-03 08:56]
"Acrobat Assistant 8.0"="D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40]
"LanzarP2006"="C:\DOCUME~1\David\LOCALS~1\Temp\{9A8B669E-CD8E-490B-A20C-CA0914ED86D7}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TeleBlocker"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"Instant File Name Search"="C:\Program Files\ifns\ifns.exe" [2007-04-06 00:57]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\David\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Internet Window Washer]
C:\Program Files\Free Internet Window Washer\Clearpch.exe -Start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
"C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR]
C:\Program Files\XemiComputers\Pocket Voice Recorder\PVR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResChanger 2005]
C:\Program Files\ResChanger 2005\ResChanger2005.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secrecy File & Folder Hider]
C:\TF\Secrecy File & Folder Hider\Secrethider.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"D:\Steam\Steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Button Manager]
C:\Program Files\Innovative Solutions\Taskbar Button Manager\tbm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Free Internet Window Washer"=C:\Program Files\Free Internet Window Washer\Clearpch.exe -Start
"Taskbar Button Manager"=C:\Program Files\Innovative Solutions\Taskbar Button Manager\tbm.exe
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
"SoundMan"=SOUNDMAN.EXE
"GuruClock"=C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
"ABIT uGuru"=C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
"nwiz"=nwiz.exe /install
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Ardamax Keylogger"=C:\Program Files\Ardamax Keylogger Lite\akl.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"XDc"=C:\Program Files\Xtreme Desktop\xdc\startxdc.exe
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0fb0931-5cb6-11d9-b4be-806d6172696f}]
AutoRun\command- E:\autorun.exe
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-08 13:03:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-08 13:04:26
C:\ComboFix-quarantined-files.txt ... 2007-07-08 13:04
C:\ComboFix2.txt ... 2007-07-06 13:21
--- E O F ---
Here is that SmitFraudFix log:
SmitFraudFix v2.201
Scan done at 12:53:34.01, Sun 07/08/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\David\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1125EFB8-6938-472F-81E6-57ECC0604BB6}: NameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{222E2FB6-A1B8-452D-8C3D-5544A5A4BAFC}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{222E2FB6-A1B8-452D-8C3D-5544A5A4BAFC}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F8EEB660-CEC7-464B-AEB9-06D98CD4F94F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1125EFB8-6938-472F-81E6-57ECC0604BB6}: NameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{222E2FB6-A1B8-452D-8C3D-5544A5A4BAFC}: NameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Here is that HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:16:18 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe CS3 Master Collection\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe CS3 Master Collection\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\David\LOCALS~1\Temp\{9A8B669E-CD8E-490B-A20C-CA0914ED86D7}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Instant File Name Search] C:\Program Files\ifns\ifns.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Adobe CS3 Master Collection\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .2.100.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4837470515
O17 - HKLM\System\CCS\Services\Tcpip\..\{1125EFB8-6938-472F-81E6-57ECC0604BB6}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{222E2FB6-A1B8-452D-8C3D-5544A5A4BAFC}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1125EFB8-6938-472F-81E6-57ECC0604BB6}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
And finally here is that
hxxp://virusscan.jotti.org/ (tell me if I am posting this right; I was not sure how to post this as it did not give me a log)
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File: explorerkonshu.exe
Status: OK
MD5: 112592915e16229842a61ba521110fdc
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 08 Jul 2007 17:56:11 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
PLEASE IF I DIDN'T REMOVE ANY AND ALL ILLEGAL PRODUCTS THAT THIS GOMYRON VIRUS OBTAINED TELL ME WITH INSTRUCTIONS BECAUSE I BELIEVE THAT ANYONE WHO WORKS HARD TO DESIGN AND MAKE PRODUCTS SHOULD RECEIVE FULL PAYMENT.
Get back to me as soon as you figure out what I need to do next.