WiredWX Christian Hobby Weather Tools

removal of windows/system32/services.exe-1073741819

Need help removing this virus. I have received the notice on my computer saying that it will shut down. I have run my spyware, anti-virus and it doesn't take it off... Please help me. Thanks.

Re: removal of windows/system32/services.exe-1073741819

Hello.
Is the warning 60 seconds till shutdown? You can stop that by doing this.

Next time you get the 60 seconds warning, go to Start > Run. Type in the following.

shutdown -a

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: removal of windows/system32/services.exe-1073741819

Yes, it does say that it will shut down. I am not on my computer that is infected, but I will do that tonight as soon as I get home from work. Thanks very much.

Re: removal of windows/system32/services.exe-1073741819

Here is my logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:36 PM, on 8/31/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\mset.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarLM/YSetSearch/2008/08/26/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] "ARPWRMSG.EXE"
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] "zHotkey.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

Re: removal of windows/system32/services.exe-1073741819

O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-IN ee://aol/imApp
O4 - HKCU\..\Run: [mset] C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\mset.exe
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://laguera16.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://laguera16.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://webprod.vcccd.net/dwa7W.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17002 bytes

Re: removal of windows/system32/services.exe-1073741819

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
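
A small triage pass over HijackThis log lines like the ones posted above, as an added example that is not part of the original thread or of HijackThis itself. The three rules it applies (orphaned "(no file)" entries, one Run value name pointing at different files, a Run target sitting directly in a user profile folder) are assumptions of this example, not the helper's stated criteria; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [mset] C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\mset.exe
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry Run entry; the optional group covers "HKUS\.DEFAULT\..\Run".
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\(?:[^\\]+\\)?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# A file placed directly in a profile folder, not in a subfolder of it.
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|users)\\[^\\]+\\[^\\]+$", re.I
)


def target_path(cmd):
    """Return the executable path from a Run command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def parse_entries(log_text):
    """Turn section lines into dicts; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = {"raw": raw.strip(), "code": m["code"], "body": m["body"], "run": None}
        if m["code"] == "O4":
            r = RUN_RE.match(m["body"])
            if r:
                entry["run"] = {
                    "hive": r["hive"],
                    "name": r["name"],
                    "target": target_path(r["cmd"]),
                }
        entries.append(entry)
    return entries


def triage(log_text):
    """Return [(raw_line, [reason, ...])] for entries worth a closer look."""
    entries = parse_entries(log_text)

    # Collect every file each Run value name points at, across all hives.
    targets_by_name = defaultdict(set)
    for e in entries:
        if e["run"]:
            targets_by_name[e["run"]["name"].lower()].add(e["run"]["target"].lower())

    findings = []
    for e in entries:
        reasons = []
        # Registry entry whose file is gone.
        if e["body"].rstrip().lower().endswith("(no file)"):
            reasons.append("orphaned")
        run = e["run"]
        if run:
            # Same value name starts different files.
            if len(targets_by_name[run["name"].lower()]) > 1:
                reasons.append("name-collision")
            # Autostart program dropped straight into a user profile folder.
            if PROFILE_ROOT_RE.match(run["target"]):
                reasons.append("profile-root")
        if reasons:
            findings.append((e["raw"], reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons).ljust(30), raw)
```

On the sample this flags both "(no file)" entries and both `mset` Run entries. The `Regedit32` Run entry, which the helper also selected, matches none of the three rules, so a pass like this narrows a long log but does not replace reading it.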

Re: removal of windows/system32/services.exe-1073741819

Quick question: for some reason, when I rebooted the computer a blue screen came up and said that Windows had detected a problem and it has to be shut down to prevent damage to your computer, so I had to start the computer when it was last configured to get it started again. Here is my log for the malware:
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

9/1/2009 12:02:10 PM
mbam-log-2009-09-01 (12-02-10).txt

Scan type: Quick Scan
Objects scanned: 183774
Time elapsed: 30 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: wiusvcdi.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\wiusvcdi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Temp\wpv621251225613.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv891251594352.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\yanette\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\yanette\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Re: removal of windows/system32/services.exe-1073741819

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: removal of windows/system32/services.exe-1073741819

DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 18:20:59.50 on Tue 09/01/2009
Internet Explorer: 8.0.6001.18372

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
mSearch Bar = hxxp://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarLM/YSetSearch/2008/08/26/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn5\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn5\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [filehippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-IN ee://aol/imApp
uRun: [mset] c:\documents and settings\owner.your-dc3e0b8f38\mset.exe
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "ARPWRMSG.EXE"
mRun: [readericon] "c:\program files\digital media reader\readericon45G.exe"
mRun: [Alcmtr] "ALCMTR.EXE"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CHotkey] "zHotkey.exe"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [LogitechVideoRepair] "c:\program files\logitech\video\ISStart.exe"
mRun: [LogitechVideoTray] "c:\program files\logitech\video\LogiTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Picasa Media Detector] "c:\program files\picasa2\PicasaMediaDetector.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://laguera16.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://laguera16.spaces.live.com/PhotoUpload/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://webprod.vcccd.net/dwa7W.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Re: removal of windows/system32/services.exe-1073741819

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\mcw9nge9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\documents and settings\owner.your-dc3e0b8f38\application data\mozilla\firefox\profiles\mcw9nge9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000005.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: XUL Cache: {57B00780-F09A-40B5-86D0-F5D90E5DE0A0} - c:\documents and settings\yanette\local settings\application data\{57B00780-F09A-40B5-86D0-F5D90E5DE0A0}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-09-01 12:02 61,440 a------- c:\windows\system32\drivers\pdmfy.sys
2009-08-30 17:03 94,016 ac------ c:\windows\system32\dllcache\agp440.sys
2009-08-30 16:46 29,465 a------- c:\windows\system32\mset.exe
2009-08-30 16:38 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-30 16:38 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-08-30 16:30 31,048 a------- c:\windows\system32\drivers\point32.sys
2009-08-30 16:29 --d----- c:\program files\Microsoft IntelliPoint
2009-08-30 16:28 18,504 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-08-30 16:26 --d----- c:\program files\Microsoft IntelliType Pro
2009-08-29 22:22 120 a------- c:\windows\Bgopohekafom.dat
2009-08-29 21:19 --d----- c:\program files\WinPcap
2009-08-29 20:44 81,152 a------- c:\windows\system32\drivers\9f20db4c.sys
2009-08-11 18:02 --d----- c:\windows\ServicePackFiles
2009-08-11 14:48 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx

==================== Find3M ====================

2009-09-01 14:53 28,982 a------- c:\windows\hpoins03.dat
2009-09-01 10:50 94,016 a------- c:\windows\system32\drivers\AGP440.SYS
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-06-25 11:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 11:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 11:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 11:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 11:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 11:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 11:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 11:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 11:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 11:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 11:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 11:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 01:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-09 23:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 00:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-05-27 20:13 4,378 ac------ c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2007-12-07 23:52 439,296 a------- c:\documents and settings\owner.your-dc3e0b8f38\GoToAssist_phone__317_en.exe
2008-12-23 23:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122320081224\index.dat

============= FINISH: 18:21:38.70 ===============

Re: removal of windows/system32/services.exe-1073741819

Second logfile

==== Installed Programs ======================

4200
4200_Help
4200Tour
4200Trb
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
AiO_Scan
AIOMinimal
AiOSoftware
AOL Coach Version 2.0(Build:20041026.5 en)
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
BigFix
Birthday EZ Cards
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Browser Address Error Redirector
BUM
CCScore
Choice Guard
Compatibility Pack for the 2007 Office system
Copy
Crawler Toolbar with Web Security Guard
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Data Entry Test 2004 Version 5.0.1
Digital Media Reader
DIGOpt
DIGReqEx
Diner Dash
Director
DocProc
Download Updater (AOL LLC)
DVD Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
FATE
Fax
Flock (Photobucket Edition) 0.7
Form Fill (Windows Live Toolbar)
Gateway Game Console
getPlus(R)_ocx
Google Desktop
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)

Re: removal of windows/system32/services.exe-1073741819

HP Image Zone 3.5
hp officejet 4200 series
HP PSC & OfficeJet 3.5
HP Unload DLL Patch
HP Update
HPSystemDiagnostics
InstantShare
iPod for Windows 2006-01-10
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
kgcbase
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
MathPlayer
Messenger Plus! Live
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.13)
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Keyboard Driver
Napster Burn Engine
netbrdg
NVIDIA Drivers
OfotoXMI
OneCare Advisor (Windows Live Toolbar)
Ovation
Overland
Penguins!
PhotoGallery
PhotoStreamer 2
Picasa 2
PlayLinc
Polar Bowler
Polar Golfer
Popup Blocker (Windows Live Toolbar)
Power2Go 4.0
PowerDVD
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
Realtek High Definition Audio Driver
Recovery Software Suite Gateway
Scan
SCRABBLE
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SFR
SFR2
SHASTA
skin0001
SkinsHP1
SkinsHP2
SKINXSDK
Smart Menus (Windows Live Toolbar)
Soft Data Fax Modem with SmartCP
Sonic Encoders
SplashPhoto
SplashShopper
Spy Sweeper
Spy Sweeper Core
staticcr
SUPERAntiSpyware Free Edition
Tabbed Browsing (Windows Live Toolbar)
tooltips
Tradewinds
TrayApp
Trend Micro AntiVirus
Unload
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Verizon Broadband Toolbar
Verizon Help and Support Tool
Viewpoint Media Player
VPRINTOL
WD Diagnostics
WebCam for MSN Messenger
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB925766
WIRELESS
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zumie Search 1.0 build 152
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== End Of File ===========================

Re: removal of windows/system32/services.exe-1073741819

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Re: removal of windows/system32/services.exe-1073741819

GooredFix by jpshortstuff (12.07.09)
Log created at 18:38 on 01/09/2009 (Owner)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:20 08/03/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="

Re: removal of windows/system32/services.exe-1073741819

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Image: Whatne10]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: removal of windows/system32/services.exe-1073741819

How do I disable Trend Micro AntiVirus? It doesn't show me how to do it.

Re: removal of windows/system32/services.exe-1073741819

Never mind, I found it.

Re: removal of windows/system32/services.exe-1073741819

ComboFix 09-09-01.04 - Owner 09/01/2009 19:07.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.888 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus - Virus Protection *On-access scanning disabled* (Updated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Omar\Application Data\020000002a974dcfC.manifest
c:\documents and settings\Omar\Application Data\020000002a974dcfO.manifest
c:\documents and settings\Omar\Application Data\020000002a974dcfP.manifest
c:\documents and settings\Omar\Application Data\020000002a974dcfR.manifest
c:\documents and settings\Omar\Application Data\020000002a974dcfS.manifest
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\020000002a974dcfC.manifest
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\020000002a974dcfO.manifest
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\020000002a974dcfP.manifest
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\020000002a974dcfR.manifest
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\020000002a974dcfS.manifest
c:\documents and settings\yanette\Application Data\020000002a974dcfC.manifest
c:\documents and settings\yanette\Application Data\020000002a974dcfO.manifest
c:\documents and settings\yanette\Application Data\020000002a974dcfP.manifest
c:\documents and settings\yanette\Application Data\020000002a974dcfR.manifest
c:\documents and settings\yanette\Application Data\020000002a974dcfS.manifest
c:\documents and settings\yanette\Start Menu\Programs\Startup\ikowin32.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-3184997983-3164463926-2442236481-500

Re: removal of windows/system32/services.exe-1073741819

c:\windows\kb913800.exe
c:\windows\system32\drivers\9f20db4c.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Drivers\pdmfy.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
C:\xcrashdump.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_npf
-------\Service_npf
-------\Service_9f20db4c


((((((((((((((((((((((((( Files Created from 2009-08-02 to 2009-09-02 )))))))))))))))))))))))))))))))
.

2009-09-01 03:21 . 2008-05-23 00:29 98816 ----a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\yahoo!\Mail\attach\msn.exe
2009-08-31 00:03 . 2009-09-01 17:50 94016 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2009-08-30 23:46 . 2009-08-30 23:46 29465 ----a-w- c:\windows\system32\mset.exe
2009-08-30 23:46 . 2009-08-30 23:46 29465 ----a-w- c:\documents and settings\yanette\mset.exe
2009-08-30 23:38 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-08-30 23:30 . 2008-06-10 20:04 31048 ----a-w- c:\windows\system32\drivers\point32.sys
2009-08-30 23:29 . 2009-08-30 23:30 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-08-30 23:28 . 2008-06-09 20:12 18504 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-08-30 23:26 . 2009-08-30 23:28 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-08-30 20:45 . 2009-08-30 20:45 117760 ----a-w- c:\documents and settings\yanette\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-30 05:22 . 2009-08-30 22:05 120 ----a-w- c:\windows\Bgopohekafom.dat
2009-08-20 01:06 . 2009-08-20 01:06 -------- d-sh--w- c:\documents and settings\Lizette\PrivacIE
2009-08-20 01:05 . 2009-08-20 01:05 -------- d-sh--w- c:\documents and settings\Lizette\IETldCache
2009-08-20 01:05 . 2009-08-20 01:05 -------- d-----w- c:\documents and settings\Lizette\Tracing
2009-08-12 01:02 . 2009-08-12 01:02 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 02:25 . 2006-12-09 20:51 28982 ----a-w- c:\windows\hpoins03.dat
2009-09-02 01:51 . 2006-12-07 00:43 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\MSN6
2009-09-02 01:37 . 2006-12-07 00:37 -------- d-----w- c:\documents and settings\yanette\Application Data\MSN6
2009-09-01 17:50 . 2006-06-21 09:33 94016 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2009-09-01 17:25 . 2009-03-07 01:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-01 17:22 . 2009-06-12 22:08 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-01 02:52 . 2006-12-04 01:04 -------- d-----w- c:\program files\Trend Micro
2009-09-01 01:18 . 2008-12-25 20:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-31 03:50 . 2006-12-09 19:29 -------- d-----w- c:\documents and settings\Omar\Application Data\MSN6
2009-08-30 23:38 . 2009-08-30 23:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-08-30 19:37 . 2008-06-09 03:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-30 19:36 . 2006-08-09 16:12 -------- d-----w- c:\program files\Common Files\AOL
2009-08-30 17:29 . 2009-01-23 04:15 -------- d-----w- c:\program files\American Airlines DealFinder
2009-08-06 15:23 . 2006-12-09 20:52 -------- d-----w- c:\program files\HP
2009-08-05 09:11 . 2006-06-17 09:23 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:36 . 2009-03-07 01:13 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-03-07 01:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 15:30 . 2009-06-12 23:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 20:09 . 2007-06-09 01:16 -------- d-----w- c:\program files\LimeWire
2009-07-25 20:08 . 2008-01-05 22:01 -------- d-----w- c:\program files\Incomplete
2009-07-21 05:07 . 2008-11-06 05:11 -------- d-----w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks
2009-07-21 05:07 . 2009-07-21 05:07 965456 ----a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000005.exe
2009-07-17 18:55 . 2006-06-17 09:23 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 01:50 . 2009-04-30 00:36 0 ----a-w- c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\txduser.dll
2009-07-14 06:43 . 2006-06-17 09:24 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2006-06-17 09:23 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2006-06-17 09:23 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2006-06-17 09:23 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2006-06-17 09:23 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2006-06-17 09:23 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2006-06-17 09:23 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2006-06-17 09:23 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2006-06-17 09:23 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2006-06-17 09:23 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2006-06-17 09:23 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2006-06-17 09:23 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2006-06-17 09:23 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2006-06-17 09:23 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2006-06-17 09:23 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2006-06-17 09:23 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2006-06-17 09:23 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2006-06-17 09:23 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2006-06-17 09:23 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2006-06-17 09:23 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2006-06-17 09:23 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2006-06-17 09:23 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2006-06-17 09:23 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2006-06-17 09:23 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 03:57 . 2009-06-12 18:27 18186048 -c--a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\msgup900_2162_us_v2.exe
2009-06-16 14:55 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2006-06-17 09:23 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 23:57 . 2006-06-19 04:25 61768 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-12 11:50 . 2006-06-17 09:23 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2006-06-17 09:23 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2006-06-17 09:23 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2006-06-17 09:23 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 20:57 . 2009-06-05 20:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-05 18:42 . 2009-03-29 22:09 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 18:42 . 2008-01-04 01:45 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 07:42 . 2006-06-17 09:35 655872 ----a-w- c:\windows\system32\mstscax.dll
.

Re: removal of windows/system32/services.exe-1073741819

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 22:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-02-23 16384]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-11-16 166304]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 185896]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

c:\documents and settings\Lizette\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-8-21 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-2-23 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-12 15:02 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 6:27 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 2:50 PM 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/12/2009 4:36 PM 55152]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/14/2007 11:40 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\AntiVirus 2007\components\TmProxy.exe [1/10/2007 8:19 PM 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/7/2009 9:32 PM 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [5/25/2009 11:51 AM 1205760]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 2:50 PM 7408]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-09-02 c:\windows\Tasks\wrSpySweeper_L6C27573675FA4A63937F16544EE9EA29.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-12-08 22:40]

2009-09-02 c:\windows\Tasks\wrSpySweeper_L6C27573675FA4A63937F16544EE9EA29.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-12-08 22:40]

2009-09-02 c:\windows\Tasks\wrSpySweeper_L9644CFEF3FCE4B168997DD2B00C765D6.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-12-08 22:40]

2009-09-02 c:\windows\Tasks\wrSpySweeper_L9644CFEF3FCE4B168997DD2B00C765D6.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-12-08 22:40]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-filehippo.com - c:\program files\filehippo.com\UpdateChecker.exe
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKCU-Run-mset - c:\documents and settings\Owner.YOUR-DC3E0B8F38\mset.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
mSearch Bar = hxxp://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarLM/YSetSearch/2008/08/26/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d209a59c4da94ef0b832999bf707858a
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d209a59c4da94ef0b832999bf707858a
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\mcw9nge9.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

Re: removal of windows/system32/services.exe-1073741819

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 19:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d3,f8,8b,45,2d,2d,0b,44,98,74,09,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(8160)
c:\docume~1\OWNER~1.YOU\LOCALS~1\TempIadHide3.dll
c:\program files\Common Files\Motive\McciContextHook_DSR.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\hpzipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Trend Micro\AntiVirus 2007\tavsvc.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Trend Micro\AntiVirus 2007\tavui.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\LVComS.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-09-02 19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-02 02:29

Pre-Run: 187,094,577,152 bytes free
Post-Run: 188,469,383,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

602 --- E O F --- 2009-08-30 06:16

Re: removal of windows/system32/services.exe-1073741819

Hello.

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\yahoo!\Mail\attach\msn.exe
    c:\windows\system32\mset.exe
    c:\documents and settings\yanette\mset.exe
    c:\windows\Bgopohekafom.dat


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Re: removal of windows/system32/services.exe-1073741819

I am not on my computer, but as soon as I get on I will do this and then post it. Thanks.

Re: removal of windows/system32/services.exe-1073741819

========== FILES ==========
c:\documents and settings\Owner.YOUR-DC3E0B8F38\Application Data\yahoo!\Mail\attach\msn.exe moved successfully.
c:\windows\system32\mset.exe moved successfully.
c:\documents and settings\yanette\mset.exe moved successfully.
c:\windows\Bgopohekafom.dat moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09022009_163650

Re: removal of windows/system32/services.exe-1073741819

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?


Re: removal of windows/system32/services.exe-1073741819

Thanks very much for everything. The computer is running great now. Thanks for your help.
