You all are lifesavers... thank you!!
Here are the 2 new logs you requested. Let me know what's next.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:40, on 2008-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customi ... ch/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\regmech.exe /H
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-21-3244575127-1134473960-4047211624-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Kristen Rutherford')
O4 - HKUS\S-1-5-21-3244575127-1134473960-4047211624-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kristen Rutherford')
O4 - HKUS\S-1-5-21-3244575127-1134473960-4047211624-1009\..\Run: [Sonic RecordNow!] (User 'Riley Rutherford')
O4 - HKUS\S-1-5-21-3244575127-1134473960-4047211624-500\..\Run: [Sonic RecordNow!] (User 'Administrator')
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish.com/SnapfishActivia.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex ... -0-3-9.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
http://www.winkflash.com/photo/loaders/ ... oader4.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterfly.com/downloads/Uploader.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/share ... cgdmgr.cabO16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cabO16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) -
http://www.ffps.org/Upload/XUpload.ocxO20 - AppInit_DLLs: lckdvs.dll llmddk.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: F-Secure Installer restarter (FSIHS) - Unknown owner - C:\DOCUME~1\JASONR~1\LOCALS~1\Temp\Installer\00000001\bootstrap\fsihs.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Firewall - Networks Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 10543 bytes
ComboFix 08-08-15.04 - Jason Rutherford 2008-08-16 9:08:32.1 - NTFSx86
Running from: C:\Documents and Settings\Jason Rutherford\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\#SharedObjects\YWHFVL7D\interclick.com
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\#SharedObjects\YWHFVL7D\interclick.com\ud.sol
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\#SharedObjects\YWHFVL7D\www.broadcaster.com
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\#SharedObjects\YWHFVL7D\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\#SharedObjects\YWHFVL7D\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jason Rutherford\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Jason Rutherford\Cookies\jason_rutherford@ad.yieldmanager[2].txt
C:\Documents and Settings\Jason Rutherford\Cookies\jason_rutherford@facebook[1].txt
C:\Documents and Settings\Jason Rutherford\Cookies\jason_rutherford@revsci[2].txt
C:\Documents and Settings\Jason Rutherford\Cookies\jason_rutherford@vendorweb.citibank[1].txt
C:\Documents and Settings\Jason Rutherford\Cookies\jason_rutherford@webbanking.comerica[2].txt
C:\Documents and Settings\Jason Rutherford\Cookies\jason_rutherford@yahoo[1].txt
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\SYSTEM32\kdtwkbwm.ini
C:\WINDOWS\system32\lajivxls.ini
C:\WINDOWS\system32\lckdvs.dll
C:\WINDOWS\system32\llmddk.dll
C:\WINDOWS\SYSTEM32\mSstvyxx.ini
C:\WINDOWS\SYSTEM32\mSstvyxx.ini2
C:\WINDOWS\SYSTEM32\pyutbula.ini
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\mcafeepf.dll
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\vrtmoewd.ini
C:\WINDOWS\wnslvxtf.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-12 23:43 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-12 22:56 . 2008-08-12 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-11 22:32 . 2008-08-11 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-11 22:31 . 2008-08-11 21:55 160,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys
2008-08-11 01:17 . 2008-08-11 22:31 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-10 23:01 . 2008-08-16 09:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 23:01 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-08-10 23:01 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-08-10 23:01 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-08-10 23:01 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-08-10 23:00 . 2008-08-13 08:08 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-10 23:00 . 2008-08-10 23:00 <DIR> d-------- C:\Documents and Settings\Jason Rutherford\Application Data\PC Tools
2008-08-10 12:18 . 2008-08-10 12:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-08-09 17:32 . 2008-08-09 17:32 <DIR> d-------- C:\Documents and Settings\Riley Rutherford\Application Data\HP
2008-08-09 17:13 . 2004-02-23 18:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-08-09 17:13 . 2008-08-11 01:55 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-05 21:24 . 2008-08-16 09:27 2,206 --a------ C:\WINDOWS\SYSTEM32\wpa.dbl
2008-08-04 22:51 . 2008-08-04 22:52 <DIR> d-------- C:\Temp\scavenger hunt
2008-08-03 12:42 . 2008-08-03 12:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2008-08-01 20:02 . 2008-06-23 11:57 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-08-01 20:02 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-08-01 20:02 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-08-01 20:02 . 2008-06-23 11:57 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-08-01 20:02 . 2008-06-23 11:57 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-08-01 20:02 . 2008-06-23 11:57 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-08-01 20:02 . 2008-06-23 11:57 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-08-01 20:02 . 2008-06-23 11:57 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-08-01 20:02 . 2008-06-23 04:20 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-08-01 19:35 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\SYSTEM32\javaee.dll
2008-07-24 23:45 . 2008-07-24 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 23:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-05 03:48 --------- d-----w C:\Documents and Settings\Jason Rutherford\Application Data\Image Zone Express
2008-08-03 17:36 --------- d-----w C:\Program Files\Canon
2008-08-02 01:24 --------- d-----w C:\Program Files\BroadJump
2008-08-02 01:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 01:19 --------- d-----w C:\Program Files\Java
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2007-09-03 21:10 0 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-08-22 04:25 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\regmech.exe" [2008-07-08 16:41 2828184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 18:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-02-23 18:33 151597]
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" [2002-05-28 06:02 142336]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-12-17 23:00 90112]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2005-04-22 20:49 397312]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59 126976]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"eligmini"="C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2008-04-03 08:56 487424]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-20 13:20 155648]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 22:08 95504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-04-09 06:56:24 598150]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2002-03-13 05:08:34 16384]
Microsoft Works Calendar Reminders.lnk - C:\WINDOWS\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2006-05-17 21:39:29 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lckdvs.dll llmddk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jason Rutherford^Start Menu^Programs^Startup^Connection Manager.lnk]
backup=C:\WINDOWS\pss\Connection Manager.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpecialOffers
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmdprovidersbc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2003-08-06 02:04 114741 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 08:59 126976 C:\WINDOWS\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 08:59 155648 C:\WINDOWS\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-20 13:20 155648 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a--c--- 2003-02-13 02:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-02-23 18:33 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 17:19 129536 C:\Program Files\Yahoo!\browser\ybrwicon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Registry Mechanic\\RegMech.exe"=
"C:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
R1 pctfw2;pctfw2;C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys [2008-08-11 21:55]
R3 McAfeePF;McAfee Firewall Network Filter Miniport;C:\WINDOWS\system32\DRIVERS\fw220.sys [2001-12-12 02:02]
S2 FSIHS;F-Secure Installer restarter;C:\DOCUME~1\JASONR~1\LOCALS~1\Temp\Installer\
00000001\bootstrap\fsihs.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2004-02-28 C:\WINDOWS\Tasks\ISP signup reminder 1.job
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE [2004-08-04 02:56]
2008-08-16 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D6ZMCF41-Jason Rutherford).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
2008-08-15 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]
.
- - - - ORPHANS REMOVED - - - -
Notify-awtttuUm - awtttuUm.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jason Rutherford\Application Data\Mozilla\Firefox\Profiles\i3l5r773.default\
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-16 09:27:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\McAfee\McAfee Firewall\cpd.exe
C:\Program Files\McAfee\McAfee Firewall\CPDClnt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-08-16 9:37:18 - machine was rebooted [Jason Rutherford]
ComboFix-quarantined-files.txt 2008-08-16 14:36:53
Pre-Run: 47,375,745,024 bytes free
Post-Run: 48,129,089,536 bytes free
218 --- E O F --- 2008-08-16 08:03:51