Personal Antivirus

Started getting alerts from Personal Antivirus saying I had tons of viruses and trojans and stuff. Scared the you no what out of me. I did a scan of my computer with my antivirus program and it says its good. Don't know what else to do. The keep popping up saying another thing needs to be blocked. Help Please.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:13 AM, on 6/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PersonalAV\pav.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Users\Christina\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://www.gamehouse.com/games/WeddingDash2.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/games/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.gamehouse.com/games/tumblebugs/axhost.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://www.gamehouse.com/games/SpinTopGamesLauncher.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse.com/games/JBGamePlayer.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/games/GoBitGamesPlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://www.gamehouse.com/games/Chocolatier2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/games/bonnie/popcaploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A4855E0-B760-4AE6-87AD-6F8DE11CFC73}: Domain = domain.invalid
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Users\Christina\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12585 bytes

• Open HijackThis.
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O17 - HKLM\System\CCS\Services\Tcpip\..\{8A4855E0-B760-4AE6-87AD-6F8DE11CFC73}: Domain = domain.invalid
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.38
Database version: 2318
Windows 6.0.6001 Service Pack 1

6/21/2009 9:56:28 AM
mbam-log-2009-06-21 (09-56-28).txt

Scan type: Quick Scan
Objects scanned: 77187
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Christina\iWin Games\iWinGamesHookIE.dll (Trojan.BHO) -> Delete on reboot.

How is the machine running now?

Good!! Thank you!!! I do have one more question. Does it mean anything that my defender says that I have a Trojan that can't be removed?

Where does it say it found the trojan?

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

I am having the same problem with personal antivirus. I ran hijack this and this is my log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:42 PM, on 21/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\PersonalAV\pav.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Documents and Settings\Mom\Application Data\U3\29068113D3831980\LaunchPad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?e4fb3763e8e14c9bbee5b63ea26db8c7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?e4fb3763e8e14c9bbee5b63ea26db8c7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223477393736
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_11/PCAXSetupv2.0.0.11.cab?
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9212 bytes

Stewbomb please start your own topic.

It's not letting me save it. It says: Cannot find C:Program Files\Trend Micro\Hijack This\uninstall_list.txt file. Am I doing something wrong. I'm pretty sure I followed all the steps the correct way. I saw everything on there. Is that good or bad? Thanks for the help by the way it's really apprecitated. chooper30

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (Mcafee)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

Sorry to be a pain. It won't let me post it. It says it's to big. Can I reformat it so can fit?

Please split the log into two posts or more if required.

ComboFix 09-06-21.01 - Christina 06/22/2009 6:54.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3062.1955 [GMT -7:00]
Running from: c:\users\Christina\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 01:27 . 2009-04-10 18:46 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\NAVENG.SYS
2009-06-22 01:27 . 2009-04-10 18:46 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\NAVEX15.SYS
2009-06-22 01:27 . 2009-04-10 18:46 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\EECTRL.SYS
2009-06-22 01:27 . 2009-04-10 18:46 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\ERASER.SYS
2009-06-22 01:27 . 2009-04-10 18:46 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\NAVENG32.DLL
2009-06-22 01:27 . 2009-04-10 18:46 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\NAVEX32A.DLL
2009-06-22 01:27 . 2009-04-10 18:46 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\ECMSVR32.DLL
2009-06-22 01:27 . 2009-04-10 18:46 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.039\CCERASER.DLL
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\users\Christina\AppData\Roaming\Malwarebytes
2009-06-21 16:51 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 16:51 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 18:09 . 2009-06-20 18:09 -------- d-----w- c:\program files\Trend Micro
2009-06-20 17:41 . 2009-06-20 17:53 -------- d-----w- c:\users\Christina\.SunDownloadManager
2009-06-20 05:12 . 2009-06-20 05:12 -------- d-----w- c:\program files\Common Files\Uninstall
2009-06-20 05:11 . 2009-06-20 05:11 -------- d-----w- c:\program files\PersonalAV
2009-06-19 19:14 . 2009-04-10 18:46 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-19 19:14 . 2009-04-10 18:46 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:14 . 2009-04-10 18:46 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:14 . 2009-04-10 18:46 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:14 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-16 02:30 . 2009-06-16 02:32 -------- d-----w- c:\programdata\Creative
2009-06-16 02:30 . 2009-06-16 02:30 -------- d--h--w- c:\programdata\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2009-06-16 02:30 . 2008-06-17 01:40 2354414 ----a-w- c:\programdata\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe
2009-06-16 02:30 . 2006-10-06 21:17 53248 ------w- c:\windows\Ctregrun.exe
2009-06-16 02:29 . 2009-06-16 02:30 -------- d-----w- c:\program files\Creative
2009-06-13 18:49 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-13 18:49 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-13 18:26 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 18:26 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-13 18:24 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 18:06 . 2009-06-13 18:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF410.tmp.exe
2009-06-08 16:49 . 2009-06-08 16:49 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-07 05:18 . 2009-06-08 13:06 -------- d-----w- c:\users\Christina\AppData\Local\SpookyManor
2009-06-07 02:11 . 2009-06-08 14:02 -------- d-----w- c:\programdata\MysteryChronicles
2009-06-07 02:09 . 2009-06-07 02:09 -------- d-----w- c:\program files\Mystery Chronicles - Murder Among Friends
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\program files\iPod
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\program files\iTunes
2009-06-03 22:05 . 2009-06-19 17:15 -------- d-----w- c:\program files\QuickTime
2009-06-03 21:59 . 2009-06-03 21:59 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-26 21:29 . 2009-06-21 16:58 -------- d-----w- c:\users\Christina\iWin Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 13:58 . 2009-06-22 13:26 0 ----a-w- c:\windows\system32\msxmlm.dll.tmp
2009-06-20 16:23 . 2008-04-13 00:38 88328 ----a-w- c:\users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-20 12:09 . 2008-07-07 18:44 -------- d-----w- c:\users\Christina\AppData\Roaming\LimeWire
2009-06-16 02:28 . 2007-11-18 11:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 22:26 . 2008-04-13 18:37 5584 ----a-w- c:\users\Christina\AppData\Roaming\wklnhst.dat
2009-06-14 07:38 . 2007-11-18 11:29 -------- d-----w- c:\program files\Microsoft Works
2009-06-14 07:38 . 2008-04-13 02:32 -------- d-----w- c:\programdata\Microsoft Help
2009-06-03 22:07 . 2008-10-12 15:56 -------- d-----w- c:\program files\Common Files\Apple
2009-05-26 21:29 . 2008-06-25 08:14 -------- d-----w- c:\programdata\iWin Games
2009-05-16 13:52 . 2009-05-16 13:52 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 04:40 . 2009-05-10 01:26 -------- d-----w- c:\program files\GameMill Entertainment
2009-05-10 01:21 . 2009-05-10 01:20 -------- d-----w- c:\programdata\PopCap Games
2009-05-10 01:21 . 2009-04-06 00:52 -------- d-----w- c:\programdata\SpinTop Games
2009-05-10 01:21 . 2008-07-14 00:26 -------- d-----w- c:\program files\PopCap Games
2009-05-03 06:19 . 2009-05-03 06:19 -------- d-----w- c:\programdata\HP Product Assistant
2009-05-03 06:16 . 2009-05-03 06:16 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-03 06:16 . 2009-05-03 06:16 315392 ----a-w- c:\windows\HideWin.exe
2009-05-03 06:16 . 2009-05-03 06:16 -------- d-----w- c:\program files\Realtek
2009-05-03 05:57 . 2009-05-03 05:57 -------- d-----w- c:\program files\Intel
2009-05-03 05:57 . 2009-05-03 05:57 -------- d-----w- c:\users\Christina\AppData\Roaming\WinBatch
2009-04-10 18:47 . 2009-04-10 18:47 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-26 00:46 . 2009-03-26 00:46 98304 ----a-w- c:\users\Christina\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
2008-06-25 00:48 . 2008-06-25 00:48 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-22_13.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-22 13:27 50470 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-06-22 12:56 78764 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-22 13:27 78764 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-13 01:22 . 2009-06-22 13:27 12300 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346018145-2267827550-2019775581-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-06-22 13:31 604214 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-22 12:58 604214 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-22 13:31 105170 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-22 12:58 105170 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-30 278528]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-03 178712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]

c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADF403AE-14A0-454B-8D08-F241D4DD0239}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3ADC0D61-0236-4732-9C98-BC859CCD336F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{16AB5610-7CEE-4D33-B3AA-4DEF4CC1ABCD}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{43DD6BF7-7628-47FD-89C5-03996974329B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0B1D2605-F23B-4B15-AD92-72A6A8E43CCB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{00E98F33-552B-497D-9152-1E4AA7E3D66D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{190EFC28-BBAB-42B7-B1A7-6C9F98CF122C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FA167C38-2B8A-4F8D-AE9E-9851D3637FF9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CC78A3B-0FEA-4F9D-A3BC-0CB35FEFC8E9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C67201BF-04A0-4008-BB53-9B6DA4A4FD15}"= UDP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{AC5C028F-76B6-4B30-9E44-302158D4798A}"= TCP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{1509824B-75E3-442D-B790-C9DB437B2B0C}"= UDP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{77A34E9B-255A-4BC6-8D1B-006ECC9317BA}"= TCP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{96150C3B-F5A8-49E3-9649-B51CCBC60C55}"= UDP:c:\users\Christina\Download music\LimeWire\LimeWire.exe:LimeWire
"{DACE4BFD-F418-470B-880E-399AB365B25B}"= TCP:c:\users\Christina\Download music\LimeWire\LimeWire.exe:LimeWire
"{B26612D6-1F8D-4650-A990-B16B787BE6E0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A905790E-3129-4626-9CB8-E74AF1530CBB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B3C621DB-46D3-4333-85D1-E8A0AE96410A}"= UDP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{403342CA-DDC7-406B-82D0-CA43AB90B9EA}"= TCP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{6318553F-4564-4E70-9AAB-0547202AD4AA}"= UDP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{69586D75-273C-4A75-8E3A-8FDF73A59F77}"= TCP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{198E0F6F-796A-4A6B-9640-3898D0D9F72D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B30D5DF6-8B59-4B5B-92E2-B30CA0351439}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5438EF38-5D02-416E-9B80-BA0CC6F77626}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{FAB61888-C345-4D3A-9A7E-20042B90DF4E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{14D070DF-11B6-48A1-945B-43DDF93FC194}"= UDP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{E298C3CD-24B1-4017-8115-A76010C0EC42}"= TCP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{CB59389C-75AE-44D6-B634-41DB616E29CA}"= UDP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{C3BB80EE-FA5E-48D2-B2BD-55FC6034DEEC}"= TCP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{2E98AC0A-C212-454D-A161-0A415F76B9EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8814B712-1B0F-43BB-B225-13D749F54371}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.086\SymEFA.sys [4/10/2009 11:46 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.086\BHDrvx86.sys [4/10/2009 11:46 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.086\cchpx86.sys [4/10/2009 11:46 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys [6/19/2009 12:14 PM 292912]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [9/22/2008 10:49 PM 138616]
R2 iWinTrusted;iWinTrusted;c:\users\Christina\iWin Games\iWinTrusted.exe [4/27/2009 6:49 AM 78104]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [4/10/2009 11:46 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/10/2009 12:04 PM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.086\symndisv.sys [4/10/2009 11:46 AM 39984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\PersonalAV.job
- c:\program files\PersonalAV\pav.exe [2009-06-20 05:11]

2009-06-22 c:\windows\Tasks\User_Feed_Synchronization-{952568A8-6D2A-4050-BDF6-2CB627CF9BB3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.gamehouse.com/games/WeddingDash2.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.gamehouse.com/games/tumblebugs/axhost.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://www.gamehouse.com/games/SpinTopGamesLauncher.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.gamehouse.com/games/GoBitGamesPlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 06:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4340)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
c:\program files\CinemaNow\CinemaNow Media Manager\CNRpc.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2009-06-22 7:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 14:01
ComboFix2.txt 2009-06-22 13:29

Pre-Run: 383,701,532,672 bytes free
Post-Run: 383,676,465,152 bytes free

270 --- E O F --- 2009-06-21 04:18

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\Tasks\PersonalAV.job
c:\windows\system32\msxmlm.dll.tmp

Folder::
c:\program files\PersonalAV
c:\program files\Common Files\Uninstall

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-06-23.01 - Christina 06/24/2009 11:06.3 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3062.1834 [GMT -7:00]
Running from: c:\users\Christina\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Christina\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\msxmlm.dll.tmp"
"c:\windows\Tasks\PersonalAV.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PersonalAV\Uninstall.lnk
c:\windows\system32\msxmlm.dll.tmp
c:\windows\Tasks\PersonalAV.job

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-24 18:09 . 2009-06-24 18:12 -------- d-----w- c:\users\Christina\AppData\Local\temp
2009-06-23 18:14 . 2009-06-23 18:14 -------- d-----w- c:\programdata\Alex Gordon
2009-06-23 17:45 . 2009-06-23 17:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-23 13:12 . 2009-06-23 13:16 -------- d-----w- c:\program files\The Omega Stone
2009-06-23 00:14 . 2009-06-24 13:33 -------- d-----w- c:\programdata\AlawarWrapper
2009-06-23 00:14 . 2009-06-23 00:15 -------- d-----w- c:\users\Christina\AppData\Roaming\TMInc
2009-06-23 00:09 . 2009-06-23 00:13 -------- d-----w- c:\program files\Viva Media
2009-06-23 00:05 . 2009-06-23 00:05 -------- d-----w- c:\program files\Viva Media Game Center
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\users\Christina\AppData\Roaming\Malwarebytes
2009-06-21 16:51 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-21 16:51 . 2009-06-21 16:51 -------- d-----w- c:\programdata\Malwarebytes
2009-06-21 16:51 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-20 18:09 . 2009-06-20 18:09 -------- d-----w- c:\program files\Trend Micro
2009-06-20 17:41 . 2009-06-20 17:53 -------- d-----w- c:\users\Christina\.SunDownloadManager
2009-06-19 19:14 . 2009-04-10 18:46 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-19 19:14 . 2009-04-10 18:46 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-19 19:14 . 2009-04-10 18:46 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-19 19:14 . 2009-04-10 18:46 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-19 19:14 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-16 02:30 . 2009-06-16 02:32 -------- d-----w- c:\programdata\Creative
2009-06-16 02:30 . 2009-06-16 02:30 -------- d--h--w- c:\programdata\{7A246771-272C-415B-B2AB-AE698ADB7EEB}
2009-06-16 02:30 . 2008-06-17 01:40 2354414 ----a-w- c:\programdata\{7A246771-272C-415B-B2AB-AE698ADB7EEB}\setup.exe
2009-06-16 02:30 . 2006-10-06 21:17 53248 ------w- c:\windows\Ctregrun.exe
2009-06-16 02:29 . 2009-06-16 02:30 -------- d-----w- c:\program files\Creative
2009-06-13 18:49 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-13 18:49 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-13 18:26 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 18:26 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-13 18:24 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-13 18:06 . 2009-06-13 18:06 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF410.tmp.exe
2009-06-08 16:49 . 2009-06-08 16:49 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-07 05:18 . 2009-06-08 13:06 -------- d-----w- c:\users\Christina\AppData\Local\SpookyManor
2009-06-07 02:11 . 2009-06-08 14:02 -------- d-----w- c:\programdata\MysteryChronicles
2009-06-07 02:09 . 2009-06-07 02:09 -------- d-----w- c:\program files\Mystery Chronicles - Murder Among Friends
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\program files\iPod
2009-06-03 22:07 . 2009-06-03 22:07 -------- d-----w- c:\program files\iTunes
2009-06-03 22:05 . 2009-06-19 17:15 -------- d-----w- c:\program files\QuickTime
2009-06-03 21:59 . 2009-06-03 21:59 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-26 21:29 . 2009-06-21 16:58 -------- d-----w- c:\users\Christina\iWin Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 17:54 . 2008-04-13 18:37 5692 ----a-w- c:\users\Christina\AppData\Roaming\wklnhst.dat
2009-06-24 04:10 . 2008-07-07 18:44 -------- d-----w- c:\users\Christina\AppData\Roaming\LimeWire
2009-06-23 17:44 . 2007-11-18 11:28 -------- d-----w- c:\program files\Java
2009-06-23 12:59 . 2007-11-18 11:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 12:56 . 2008-07-12 02:46 -------- d-----w- c:\program files\The Learning Company
2009-06-20 16:23 . 2008-04-13 00:38 88328 ----a-w- c:\users\Christina\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 07:38 . 2007-11-18 11:29 -------- d-----w- c:\program files\Microsoft Works
2009-06-14 07:38 . 2008-04-13 02:32 -------- d-----w- c:\programdata\Microsoft Help
2009-06-03 22:07 . 2008-10-12 15:56 -------- d-----w- c:\program files\Common Files\Apple
2009-05-26 21:29 . 2008-06-25 08:14 -------- d-----w- c:\programdata\iWin Games
2009-05-16 13:52 . 2009-05-16 13:52 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 04:40 . 2009-05-10 01:26 -------- d-----w- c:\program files\GameMill Entertainment
2009-05-10 01:21 . 2009-05-10 01:20 -------- d-----w- c:\programdata\PopCap Games
2009-05-10 01:21 . 2009-04-06 00:52 -------- d-----w- c:\programdata\SpinTop Games
2009-05-10 01:21 . 2008-07-14 00:26 -------- d-----w- c:\program files\PopCap Games
2009-05-03 06:19 . 2009-05-03 06:19 -------- d-----w- c:\programdata\HP Product Assistant
2009-05-03 06:16 . 2009-05-03 06:16 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-03 06:16 . 2009-05-03 06:16 315392 ----a-w- c:\windows\HideWin.exe
2009-05-03 06:16 . 2009-05-03 06:16 -------- d-----w- c:\program files\Realtek
2009-05-03 05:57 . 2009-05-03 05:57 -------- d-----w- c:\program files\Intel
2009-05-03 05:57 . 2009-05-03 05:57 -------- d-----w- c:\users\Christina\AppData\Roaming\WinBatch
2009-04-10 18:46 . 2009-04-10 18:46 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2008-06-25 00:48 . 2008-06-25 00:48 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-22_13.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-24 13:33 50692 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-06-22 12:56 78764 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-06-24 13:33 78764 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-13 01:22 . 2009-06-24 13:33 12380 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2346018145-2267827550-2019775581-1000_UserData.bin
- 2008-04-13 00:14 . 2009-06-22 13:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-13 00:14 . 2009-06-24 13:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-13 00:14 . 2009-06-22 13:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-13 00:14 . 2009-06-24 13:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-06-24 13:36 604214 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-06-22 12:58 604214 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-24 13:36 105170 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-06-22 12:58 105170 c:\windows\System32\perfc009.dat
+ 2009-06-23 17:45 . 2009-06-23 17:44 148888 c:\windows\System32\javaws.exe
+ 2009-06-23 17:45 . 2009-06-23 17:44 144792 c:\windows\System32\javaw.exe
+ 2009-06-23 17:45 . 2009-06-23 17:44 144792 c:\windows\System32\java.exe
+ 2008-04-13 00:14 . 2009-06-24 13:30 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-30 278528]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-03 178712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-23 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]

c:\users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ADF403AE-14A0-454B-8D08-F241D4DD0239}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{3ADC0D61-0236-4732-9C98-BC859CCD336F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{16AB5610-7CEE-4D33-B3AA-4DEF4CC1ABCD}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{43DD6BF7-7628-47FD-89C5-03996974329B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0B1D2605-F23B-4B15-AD92-72A6A8E43CCB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{00E98F33-552B-497D-9152-1E4AA7E3D66D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{190EFC28-BBAB-42B7-B1A7-6C9F98CF122C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FA167C38-2B8A-4F8D-AE9E-9851D3637FF9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1CC78A3B-0FEA-4F9D-A3BC-0CB35FEFC8E9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C67201BF-04A0-4008-BB53-9B6DA4A4FD15}"= UDP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{AC5C028F-76B6-4B30-9E44-302158D4798A}"= TCP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{1509824B-75E3-442D-B790-C9DB437B2B0C}"= UDP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{77A34E9B-255A-4BC6-8D1B-006ECC9317BA}"= TCP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{96150C3B-F5A8-49E3-9649-B51CCBC60C55}"= UDP:c:\users\Christina\Download music\LimeWire\LimeWire.exe:LimeWire
"{DACE4BFD-F418-470B-880E-399AB365B25B}"= TCP:c:\users\Christina\Download music\LimeWire\LimeWire.exe:LimeWire
"{B26612D6-1F8D-4650-A990-B16B787BE6E0}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A905790E-3129-4626-9CB8-E74AF1530CBB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B3C621DB-46D3-4333-85D1-E8A0AE96410A}"= UDP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{403342CA-DDC7-406B-82D0-CA43AB90B9EA}"= TCP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{6318553F-4564-4E70-9AAB-0547202AD4AA}"= UDP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{69586D75-273C-4A75-8E3A-8FDF73A59F77}"= TCP:c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:CinemaNow Media Manager
"{198E0F6F-796A-4A6B-9640-3898D0D9F72D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B30D5DF6-8B59-4B5B-92E2-B30CA0351439}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5438EF38-5D02-416E-9B80-BA0CC6F77626}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{FAB61888-C345-4D3A-9A7E-20042B90DF4E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{14D070DF-11B6-48A1-945B-43DDF93FC194}"= UDP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{E298C3CD-24B1-4017-8115-A76010C0EC42}"= TCP:c:\users\Christina\iWin Games\iWinGames.exe:iWin Games application.
"{CB59389C-75AE-44D6-B634-41DB616E29CA}"= UDP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{C3BB80EE-FA5E-48D2-B2BD-55FC6034DEEC}"= TCP:c:\users\Christina\iWin Games\WebUpdater.exe:iWin Games updater.
"{2E98AC0A-C212-454D-A161-0A415F76B9EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8814B712-1B0F-43BB-B225-13D749F54371}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.086\SymEFA.sys [4/10/2009 11:46 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.086\BHDrvx86.sys [4/10/2009 11:46 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.086\cchpx86.sys [4/10/2009 11:46 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys [6/24/2009 9:33 AM 292912]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [9/22/2008 10:49 PM 138616]
R2 iWinTrusted;iWinTrusted;c:\users\Christina\iWin Games\iWinTrusted.exe [4/27/2009 6:49 AM 78104]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [4/10/2009 11:46 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/10/2009 12:04 PM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.086\symndisv.sys [4/10/2009 11:46 AM 39984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{952568A8-6D2A-4050-BDF6-2CB627CF9BB3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-26 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.gamehouse.com/games/WeddingDash2.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.gamehouse.com/games/tumblebugs/axhost.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://www.gamehouse.com/games/SpinTopGamesLauncher.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://www.gamehouse.com/games/JBGamePlayer.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.gamehouse.com/games/GoBitGamesPlayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/games/zylom/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://www.gamehouse.com/games/Chocolatier2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 11:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5920)
c:\windows\System32\srchadmin.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\hp\KBD\kbd.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-06-24 11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 18:15
ComboFix2.txt 2009-06-22 14:01
ComboFix3.txt 2009-06-22 13:29

Pre-Run: 383,921,967,104 bytes free
Post-Run: 383,795,793,920 bytes free

286 --- E O F --- 2009-06-21 04:18

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

The computers running fantastic. No more pop-ups saying my computer's going to die. Thank you very much for all your help. Much appreciated.