Please see below for results for last set of instructions.
C:\pmcubosf3.exe ---- CANNOT DELETE IT IS BEING USED BY ANOTHER PROGRAM OR PERSON
C:\WINDOWS\system32\pmcubosf ---- NOT PRESENT
Oin ---- NOT PRESENT
Yazzle by Oin ---- NOT PRESENT
Purityscan by Oin ---- NOT PRESENT
Snowballwars by Oin ---- NOT PRESENT
or anything similar with Oin or Outerinfo in it. ---- NOT PRESENT
Zolero ---- NOT PRESENT
Tizzletalk ---- NOT PRESENT
MediaTickets ---- NOT PRESENT
Cowabanga ---- NOT PRESENT
and any other programs you didn't install or don't recognize - if you're not sure, please ask first
COMBOFIX REPORT
ComboFix 07-06-17 - C:\Documents and Settings\John\Desktop\ComboFix.exe
"John" - 2007-06-18 19:54:27 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))
2007-06-18 19:15 <DIR> d-------- C:\backups
2007-06-18 19:11 218,112 --a------ C:\scanner.exe
2007-06-17 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\Phone Browser
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Datalayer
2007-06-17 22:31 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Nokia
2007-06-17 22:25 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\AdobeAUM
2007-06-17 22:14 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-17 22:14 <DIR> d-------- C:\Program Files\DIFX
2007-06-17 22:14 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\PC Suite
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-17 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Nokia
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-06-17 19:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 18:12 71,316 --a------ C:\VundoFix.exe
2007-06-16 14:10 662 --a------ C:\pmcubosf3.exe
2007-06-16 10:11 <DIR> d-------- C:\WINDOWS\system32\pmcubosf
2007-06-12 20:06 <DIR> d-------- C:\DOCUME~1\John\.housecall6.6
2007-06-11 22:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-09 23:33 <DIR> d---s---- C:\DOCUME~1\Anne\APPLIC~1\?icrosoft
2007-06-09 23:18 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-09 23:16 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-06-09 23:16 <DIR> d-------- C:\Program Files\?icrosoft.NET
2007-06-09 23:16 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-09 23:15 <DIR> d-------- C:\Program Files\A?pPatch
2007-06-09 23:15 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?asks
2007-06-09 23:14 <DIR> d-------- C:\Program Files\??pPatch
2007-06-09 23:13 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-06-09 23:13 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-09 23:13 <DIR> d-------- C:\Program Files\??mbols
2007-06-09 23:12 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-09 23:12 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-09 23:12 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-06-09 23:12 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?ssembly
2007-06-09 23:12 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET
2007-06-09 23:11 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-06-09 23:11 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-09 23:11 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-06-09 23:11 <DIR> d-------- C:\WINDOWS\A?pPatch
2007-06-09 23:11 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-06-09 23:11 <DIR> d-------- C:\Program Files\?asks
2007-06-09 23:11 <DIR> d-------- C:\Program Files\??crosoft.NET
2007-06-09 23:11 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\s?stem32
2007-06-09 23:10 <DIR> dr--s---- C:\WINDOWS\??sembly
2007-06-09 23:10 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-09 23:10 <DIR> d---s---- C:\DOCUME~1\Anne\APPLIC~1\??crosoft
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\?ymbols
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\??stem
2007-06-09 23:10 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-06-09 23:10 <DIR> d-------- C:\Program Files\Common Files\??sembly
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\F?nts
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?asks
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??pPatch
2007-06-09 23:09 <DIR> d---s---- C:\WINDOWS\??sks
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\?dobe
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-09 23:09 <DIR> d-------- C:\Program Files\F?nts
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\?ystem
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\??curity
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-06-09 23:09 <DIR> d-------- C:\Program Files\?ecurity
2007-06-09 23:09 <DIR> d-------- C:\Program Files\?asks
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\S?mantec
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?ymbols
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET
2007-06-09 23:08 <DIR> d-a------ C:\WINDOWS\??stem32
2007-06-09 23:08 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\s?mbols
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\?ecurity
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\??pPatch
2007-06-09 23:08 <DIR> d-------- C:\Program Files\F?nts
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\?ecurity
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?racle
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?dobe
2007-06-09 23:08 <DIR> d-------- C:\Program Files\??sks
2007-06-09 23:08 <DIR> d-------- C:\Program Files\??curity
2007-06-09 23:08 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??sembly
2007-06-09 23:07 <DIR> d-a------ C:\WINDOWS\?ystem32
2007-06-09 23:07 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\?ymbols
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-17 21:09:18 -------- d-----w C:\DOCUME~1\John\APPLIC~1\Azureus
2007-06-16 19:32:28 -------- d-----w C:\Program Files\Virtools
2007-06-16 19:22:29 -------- d-----w C:\Program Files\Viewpoint
2007-06-16 08:27:20 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-12 20:18:41 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-06-09 22:18:57 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-09 22:16:57 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-09 22:16:23 -------- d-----w C:\Program Files\?icrosoft
2007-06-09 22:14:39 -------- d-----w C:\Program Files\??pPatch
2007-06-09 22:13:58 -------- d-----w C:\Program Files\??mbols
2007-06-09 22:12:16 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-09 22:11:39 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-09 22:11:25 -------- d-----w C:\Program Files\?asks
2007-06-09 22:11:18 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-09 22:10:24 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-06-09 22:10:21 -------- d-----w C:\Program Files\Common Files\??sembly
2007-06-09 22:09:53 -------- d-----w C:\Program Files\Common Files\??curity
2007-06-09 22:09:31 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-09 22:09:23 -------- d-----w C:\Program Files\?asks
2007-06-09 22:09:22 -------- d-----w C:\Program Files\?ecurity
2007-06-09 22:09:09 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-09 22:09:06 -------- d-----w C:\Program Files\Common Files\?ystem
2007-06-09 22:08:53 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-09 22:08:48 -------- d-----w C:\Program Files\?icrosoft
2007-06-09 22:08:47 -------- d-----w C:\Program Files\??curity
2007-06-09 22:08:43 -------- d-----w C:\Program Files\?dobe
2007-06-09 22:08:31 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-09 22:08:31 -------- d-----w C:\Program Files\??sks
2007-06-09 22:08:15 -------- d-----w C:\Program Files\Common Files\??stem32
2007-06-09 22:08:09 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-06-09 22:08:07 -------- d-----w C:\Program Files\?racle
2007-06-09 22:07:51 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-09 22:07:50 -------- d-----w C:\Program Files\??pPatch
2007-06-09 22:07:40 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-09 22:07:38 -------- d-----w C:\Program Files\?ymbols
2007-06-09 22:07:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-09 22:07:26 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-09 22:07:14 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-09 22:07:03 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-09 22:07:01 -------- d-----w C:\Program Files\??crosoft
2007-06-09 22:06:53 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-09 22:06:27 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-09 22:06:22 -------- d-----w C:\Program Files\??crosoft
2007-06-09 22:06:21 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-09 22:06:20 -------- d-----w C:\Program Files\Common Files\??mbols
2007-06-09 22:06:15 -------- d-----w C:\Program Files\?ystem
2007-06-09 22:06:13 -------- d-----w C:\Program Files\?ppPatch
2007-06-09 22:06:07 -------- d-----w C:\Program Files\Common Files\??mantec
2007-06-09 22:06:05 -------- d-----w C:\Program Files\?ystem32
2007-06-09 22:06:04 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-09 22:06:00 -------- d-----w C:\Program Files\??sks
2007-06-09 22:05:57 -------- d-----w C:\Program Files\?racle
2007-06-09 22:05:49 -------- d-----w C:\Program Files\Common Files\??stem
2007-06-09 22:05:47 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-09 22:05:45 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-09 22:05:42 -------- d-----w C:\Program Files\?ssembly
2007-06-09 22:05:41 -------- d-----w C:\Program Files\?ymantec
2007-06-09 22:05:36 -------- d-----w C:\Program Files\??mantec
2007-06-09 22:05:31 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-09 22:05:29 -------- d-----w C:\Program Files\??sembly
2007-06-09 22:05:26 -------- d-----w C:\Program Files\?ppPatch
2007-06-09 22:05:25 -------- d-----w C:\Program Files\?dobe
2007-06-09 22:05:16 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-06-09 22:05:15 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-09 22:05:13 -------- d-----w C:\Program Files\??stem32
2007-06-09 22:05:07 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-06-09 22:04:59 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-09 22:04:57 -------- d-----w C:\Program Files\??stem
2007-06-09 22:04:52 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:13:18 -------- d-----w C:\Program Files\Your Syndicate Manager
2007-05-10 11:23:44 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-27 18:07:48 79,384 ----a-w C:\WINDOWS\system32\avmontr.dll
2007-04-27 17:49:12 840,352 ----a-w C:\WINDOWS\system32\drivers\css-dvp.sys
2007-04-25 18:20:57 -------- d-----w C:\DOCUME~1\John\APPLIC~1\AdobeUM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-23 05:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 05:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 19:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 23:17]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\blueyonder\PCguard\pkR.dll [2006-05-01 13:41]
{56071E0D-C61B-11D3-B41C-00E02927A304}=C:\Program Files\blueyonder\PCguard\FBHR.dll [2006-05-01 13:41]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMLABTECMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-12-13 23:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"MISAggregator"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NWEReboot"="" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 16:06 C:\WINDOWS\system32\ptipbmf.dll]
"PVR Agent"="C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2005-07-05 19:25]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 23:38]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"eFax 4.1"="C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-17 00:59]
"PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [2006-04-28 15:27]
"PCguard"="C:\Program Files\blueyonder\PCguard\Rps.exe" [2006-05-01 13:43]
"five Media Manager Tray"="C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" [2006-07-30 11:25]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 16:23]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 20:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MS Office32cb Startup"=OfficeGUI32cb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvv32]
winlvv32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MediaFace Integration"=F:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
Contents of the 'Scheduled Tasks' folder
2005-02-16 22:41:46 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC John.job
2007-06-08 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC John.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 19:57:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
cmd.exe [3224]
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
Completion time: 2007-06-18 19:58:07
C:\ComboFix-quarantined-files.txt ... 2007-06-18 19:57
C:\ComboFix2.txt ... 2007-06-17 20:17
--- E O F ---
HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 20:12, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
HOPE I HAVE FOLLOWED YOUR INSTRUCTIONS CORRECTLY.
RGDS JONKED