I've run Combo Fix and Hijack This again, here are the logs.
ComboFix 08-08-12.01 - comp795 2008-08-13 11:17:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1492 [GMT -7:00]
Running from: C:\Documents and Settings\comp795\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\comp795\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\comp795\Application Data\macromedia\Flash Player\#SharedObjects\822NVVZ8\interclick.com
C:\Documents and Settings\comp795\Application Data\macromedia\Flash Player\#SharedObjects\822NVVZ8\interclick.com\ud.sol
C:\Documents and Settings\comp795\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\comp795\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-10 13:36 . 2008-08-10 13:36 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-06 10:14 . 2008-08-06 10:14 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-06 10:12 . 2008-08-06 10:13 <DIR> d-------- C:\Program Files\iTunes
2008-08-06 10:12 . 2008-08-06 10:12 <DIR> d-------- C:\Program Files\iPod
2008-07-27 23:20 . 2008-07-27 23:21 <DIR> d-------- C:\Documents and Settings\comp795\.housecall6.6
2008-07-27 23:20 . 2008-07-27 23:20 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-17 20:15 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-17 20:15 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-17 20:15 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-17 20:15 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-17 20:15 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-17 20:15 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-17 20:15 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-17 20:15 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-17 20:15 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-17 18:59 . 2008-07-17 18:59 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-17 18:59 . 2008-07-17 18:59 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-17 18:59 . 2008-07-17 18:59 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-17 18:59 . 2008-07-17 18:59 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-17 18:56 . 2008-07-17 19:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-17 18:41 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-07-17 18:41 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-07-17 18:39 . 2008-04-13 17:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-15 19:58 . 2008-07-15 19:58 <DIR> d-------- C:\Program Files\CCleaner
2008-07-15 19:56 . 2008-07-15 19:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 12:26 . 2008-07-15 12:26 <DIR> d-------- C:\Program Files\PrevxCSI
2008-07-15 12:26 . 2008-08-12 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-15 12:26 . 2008-08-06 12:03 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-15 07:00 . 2008-07-15 07:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-07-15 06:48 . 2008-07-16 22:20 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-15 06:48 . 2008-07-16 00:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-15 06:48 . 2008-08-06 06:15 <DIR> d-------- C:\Documents and Settings\comp795\Application Data\SiteAdvisor
2008-07-15 06:48 . 2008-07-15 06:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-13 23:03 . 2008-07-13 23:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-13 23:03 . 2008-07-13 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-13 20:24 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-13 20:24 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-13 20:24 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-13 20:24 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-13 20:24 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-13 20:23 . 2008-07-13 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-13 20:23 . 2008-07-13 20:23 164 --a------ C:\install.dat
2008-07-13 15:18 . 2008-07-13 15:18 0 --a------ C:\WINDOWS\system32\M277CDp2.exe.a_a
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 17:57 --------- d-----w C:\Program Files\McAfee
2008-08-13 17:55 --------- d-----w C:\Documents and Settings\comp795\Application Data\uTorrent
2008-08-10 13:25 --------- d-----w C:\Program Files\BitTorrent
2008-08-06 00:39 --------- d-----w C:\Program Files\downloads
2008-07-20 02:20 --------- d-----w C:\Program Files\Games
2008-07-16 07:05 --------- d-----w C:\Documents and Settings\comp795\Application Data\Apple Computer
2008-07-15 13:51 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-15 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-14 06:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-13 17:10 --------- d-----w C:\Program Files\QuickTime
2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-27 19:43 --------- d-----w C:\Documents and Settings\comp795\Application Data\dvdcss
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 06:17 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-05-05 17:36 30208]
"00THotkey"="C:\WINDOWS\system32\
00THotkey.exe" [2006-07-05 12:14 258048]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 16:13 122880]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-05 22:06 1077322]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 12:11 73728]
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 11:42 49152]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-28 20:43 126976]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-25 17:57 299008]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-06-30 12:58 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-06-30 12:55 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-06-30 12:59 118784]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 17:37 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-27 19:08 185896]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 14:57 36640]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 07:50 88204 C:\WINDOWS\agrsmmsg.exe]
"000StTHK"="000StTHK.exe" [2001-06-23 04:28 24576 C:\WINDOWS\system32\
000StTHK.exe]
"TPSMain"="TPSMain.exe" [2006-04-24 19:54 315392 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2006-04-24 19:54 110592 C:\WINDOWS\system32\TPSODDCtl.exe]
"TFNF5"="TFNF5.exe" [2006-03-16 17:34 593920 C:\WINDOWS\system32\TFNF5.exe]
"TOSDCR"="TOSDCR.EXE" [2005-12-13 10:54 57344 C:\WINDOWS\system32\TOSDCR.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
C:\Documents and Settings\comp795\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\downloads\\utorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Games\\Dawn of War\\W40k.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21672:TCP"= 21672:TCP:BitComet 21672 TCP
"21672:UDP"= 21672:UDP:BitComet 21672 UDP
"50136:TCP"= 50136:TCP:72.20.34.145/255.255.255.255:Enabled:torrent
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-08-06 12:03]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-27 23:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 12:24]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-08-06 12:03]
R2 FdRedir;FdRedir;C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
R2 smihlp;SMI helper driver;C:\Program Files\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 11:50]
S2 TvcbAudio;BUFFALO TV-CB Audio Output;C:\WINDOWS\system32\Drivers\TvcbAudio.sys [2007-01-19 22:24]
S2 TvcbBrs;BUFFALO TV-CB BRS Output;C:\WINDOWS\system32\Drivers\TvcbBrs.sys [2007-01-19 22:24]
S2 TvcbHost;BUFFALO Card Bus Patch Driver for TV-CB;C:\WINDOWS\system32\Drivers\TvcbHost.sys [2007-01-19 22:24]
S2 TvcbMain;BUFFALO TV-CB Main;C:\WINDOWS\system32\Drivers\TvcbMain.sys [2007-01-19 22:24]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\comp795\LOCALS~1\Temp\cdrmkaun.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-07-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-13 C:\WINDOWS\Tasks\wrSpySweeper_L4BBBAF7E00C14CCD9070BE07FD3E634B.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-08-13 C:\WINDOWS\Tasks\wrSpySweeper_L4BBBAF7E00C14CCD9070BE07FD3E634B.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]
2008-08-13 C:\WINDOWS\Tasks\wrSpySweeper_L4BBBAF7E00C14CCD9070BE07FD3E634B.job
- C:\","D:\","E:\","F:\" []
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page =
hxxp://www.nytimes.com/R0 -: HKCU-Main,SearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-13 11:23:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-08-13 11:27:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 18:27:41
Pre-Run: 28,489,670,656 bytes free
Post-Run: 28,984,094,720 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /forceresetreg
267 --- E O F --- 2008-07-18 03:35:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:52 AM, on 8/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.nytimes.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/binFrameWork/v10/St ... b55579.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) -
http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cabO16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/binframework/v10/ZP ... b55579.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab2.cabO16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) -
http://zone.msn.com/bingame/zpagames/zp ... b60231.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v ... b56649.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) -
http://zone.msn.com/binframework/v10/St ... b55579.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12840 bytes
Thanks for the help