Here is the ComboFit log and new Hijack log:
ComboFix 08-06-20.4 - Edward M. Donnelly 2008-06-29 11:30:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.261 [GMT -4:00]
Running from: C:\Documents and Settings\Edward M. Donnelly\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Edward M. Donnelly\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
C:\WINDOWS\didduid.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-29 03:47 . 2008-06-29 03:47 <DIR> d-------- C:\Documents and Settings\Edward M. Donnelly\Application Data\AXPFixer
2008-06-29 03:46 . 2008-06-29 03:47 <DIR> d-------- C:\Program Files\AXPFixer
2008-06-27 23:21 . 2008-06-27 23:21 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 23:21 . 2008-06-27 23:21 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-27 23:21 . 2008-06-27 23:21 <DIR> d-------- C:\Documents and Settings\Edward M. Donnelly\Application Data\PC Tools
2008-06-27 23:21 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-06-27 23:21 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-27 23:21 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-27 23:21 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-27 23:21 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-27 22:57 . 2008-06-27 22:57 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-27 21:41 . 2008-06-27 21:40 23,040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-06-27 21:41 . 2008-06-28 11:08 15,328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-06-27 09:51 . 2008-06-27 09:51 <DIR> d-------- C:\Deckard
2008-06-27 09:10 . 2008-06-27 09:10 <DIR> d-------- C:\Documents and Settings\Edward M. Donnelly\Application Data\rhcacnj0e91g
2008-06-27 09:10 . 2008-06-29 11:41 94,208 --a------ C:\WINDOWS\system32\pphcecnj0e91g.exe
2008-06-27 09:09 . 2008-06-27 09:10 <DIR> d-------- C:\Program Files\rhcacnj0e91g
2008-06-27 09:09 . 2008-06-27 09:09 34,304 --a------ C:\WINDOWS\system32\lphcecnj0e91g.exe
2008-06-11 08:22 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 14:12 . 2008-06-10 14:12 <DIR> d-------- C:\Documents and Settings\Edward M. Donnelly\Application Data\Viewpoint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 14:16 --------- d-----w C:\Program Files\Trend Micro
2008-06-27 13:29 --------- d-----w C:\Program Files\Total PDF Converter
2008-06-27 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 00:24 --------- d-----w C:\Program Files\NETGEAR
2008-05-09 00:20 --------- d-----w C:\Program Files\Linksys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 02:39 --------- d-----w C:\Program Files\iTunes
2008-04-29 02:39 --------- d-----w C:\Program Files\iPod
2008-04-29 02:35 --------- d-----w C:\Program Files\QuickTime
2008-04-29 02:27 --------- d-----w C:\Program Files\Apple Software Update
2007-01-04 01:58 84,024 ----a-w C:\Documents and Settings\Edward M. Donnelly\Application Data\GDIPFONTCACHEV1.DAT
2004-05-09 20:56 28 ----a-w C:\Documents and Settings\Edward M. Donnelly\Application Data\tvmcwrd.dll
2004-05-09 03:05 146,708 ----a-w C:\Documents and Settings\Edward M. Donnelly\Application Data\tvmknwrd.dll
2002-08-29 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2006-06-30 03:47 32 --sha-w C:\WINDOWS\{7C9D86C9-1B77-49ED-ABD1-E617D69BFFD6}.dat
2006-06-30 03:49 32 --sha-w C:\WINDOWS\{82A4CC2A-26F7-4411-AE3D-1C3A538CF610}.dat
2006-06-30 03:46 32 --sha-w C:\WINDOWS\{942B0ADF-2533-47B2-B7C0-5260E8ECC86C}.dat
2006-06-30 03:46 32 --sha-w C:\WINDOWS\{B8447E77-4739-4E79-934C-E069A109BA7D}.dat
2006-06-30 03:48 32 --sha-w C:\WINDOWS\{C66E0750-3FFE-424B-9770-A397C5F2397E}.dat
2006-06-30 03:46 32 --sha-w C:\WINDOWS\{CA0A526B-F904-4AAA-87EA-052DEBDEDCA8}.dat
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
2006-06-30 03:48 32 --sha-w C:\WINDOWS\system32\{20260041-C20F-477D-88DC-E8AF5B38C2DC}.dat
2006-06-30 03:49 32 --sha-w C:\WINDOWS\system32\{2EBDAA44-E934-4241-8BE9-8577D03A8AB4}.dat
2006-06-30 03:46 32 --sha-w C:\WINDOWS\system32\{41893581-D36F-4324-A607-3551BC696EFC}.dat
2006-06-30 03:47 32 --sha-w C:\WINDOWS\system32\{75D1AE9F-D86E-4873-BCB9-6D6C5B37BF3E}.dat
2006-06-30 03:46 32 --sha-w C:\WINDOWS\system32\{A6D2417F-6DC9-4F6D-86B9-F05BA2AE64A8}.dat
2006-06-30 03:46 32 --sha-w C:\WINDOWS\system32\{DEF13665-1786-4196-8581-733BF72FE3B4}.dat
.
------- Sigcheck -------
2002-08-29 08:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 03:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
md5deep: C:\WINDOWS\system32\svchost.exe: error at offset 0: Permission denied
2002-08-29 08:00 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 03:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
md5deep: C:\WINDOWS\system32\winlogon.exe: error at offset 0: Permission denied
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2003-05-11 21:12 996352 a73bc66a95cf4f7b597fc8975778a889 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2002-08-29 08:00 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
2004-08-04 03:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 03:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2002-08-29 08:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 03:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
md5deep: C:\WINDOWS\system32\services.exe: error at offset 0: Permission denied
2002-08-29 08:00 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 03:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
md5deep: C:\WINDOWS\system32\lsass.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-06 16:50 50528]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"gi1825060051"="C:\DOCUME~1\EDWARD~1.DON\LOCALS~1\Temp\giR863NT.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-01 11:22 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-01 11:21 618496]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 20:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-15 21:59 294912]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2002-11-08 19:00 61440]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 14:29 40960]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 22:45 28672]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22 50880]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23 34504]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-06-28 15:53 100056]
"Linksys Wireless-N Notebook Adapter"="C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe" [2006-04-28 06:55 36864]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"lphcecnj0e91g"="C:\WINDOWS\system32\lphcecnj0e91g.exe" [2008-06-27 09:09 34304]
"SMrhcacnj0e91g"="C:\Program Files\rhcacnj0e91g\rhcacnj0e91g.exe" [2008-06-27 05:13 1214976]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]
"AXPFixer"="C:\Program Files\AXPFixer\AXPFixer.exe" [2008-05-19 14:03 1564672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" [2005-03-21 15:00 78848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp officejet 7100 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2002-11-23 16:55:48 495682]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-05-08 20:24:12 745472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MgEThRck"= {A004ACC7-0AAE-066D-48C9-493E99985935} - C:\WINDOWS\system32\pic.dll [2007-04-16 11:52 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\sysrest32.exe"=
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 11:43]
R2 NICSer_WPC300N;NICSer_WPC300N;C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe [2003-11-13 14:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 14:52]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 15:59]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSRTNDS.SYS []
S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;C:\WINDOWS\system32\DRIVERS\PcleMBox.sys [2003-04-03 14:00]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3092590-d7c5-11da-bb61-000c412eddb6}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-24 03:18:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 21:30:19 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- D:\Program Files\Norton SystemWorks\OBC.exe
"2008-06-29 15:41:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-29 11:41:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [1724] 0x82CDFDA0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
D:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\pphcecnj0e91g.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-29 11:49:22 - machine was rebooted [Edward M. Donnelly]
ComboFix-quarantined-files.txt 2008-06-29 15:49:08
Pre-Run: 3,946,856,448 bytes free
Post-Run: 3,997,454,336 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
216 --- E O F --- 2008-06-19 23:20:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:02 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcecnj0e91g.exe
C:\Program Files\rhcacnj0e91g\rhcacnj0e91g.exe
C:\Program Files\AXPFixer\AXPFixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
D:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Linksys\Wireless-N Network Monitor\OdHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\pphcecnj0e91g.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customi ... earch.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customi ... .yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Linksys Wireless-N Notebook Adapter] C:\Program Files\Linksys\Wireless-N Network Monitor\WPC300N.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcecnj0e91g] C:\WINDOWS\system32\lphcecnj0e91g.exe
O4 - HKLM\..\Run: [SMrhcacnj0e91g] C:\Program Files\rhcacnj0e91g\rhcacnj0e91g.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
ee://aol/imAppO4 - HKCU\..\RunOnce: [gi1825060051] "C:\DOCUME~1\EDWARD~1.DON\LOCALS~1\Temp\giR863NT.exe" /resume:"C:\DOCUME~1\EDWARD~1.DON\LOCALS~1\Temp\30R85SNL" /exename:"C:\Documents and Settings\Edward M. Donnelly\Local Settings\Temporary Internet Files\Content.IE5\JHGN16JR\Free-SpyHunter-Scanner-Install[1].exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Contains -
O16 - DPF: DownloadInformation -
O16 - DPF: InstalledVersion -
O21 - SSODL: MgEThRck - {A004ACC7-0AAE-066D-48C9-493E99985935} - C:\WINDOWS\system32\pic.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC300N - Unknown owner - C:\Program Files\Linksys\Wireless-N Network Monitor\NICServ.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11725 bytes
It apprears that both viruses have been removed. They are not showing up on my screen. Thank you so much. I hope that I am not jumping the gun. Ed