Windows Recovery Mode

  1. #1
    death2mess (Full Member)

    The computer boots right to Windows recovery mode. The only way to get to Windows is to use the "last configuration that worked" option. Also, some web pages come up blank, I can't turn the firewall on or update Windows, and I can't seem to download AVG antivirus properly. Thanks for the help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:40 PM, on 12/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\system32\RUNDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\PROGRA~1\AIM\aim.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://d-a-l.com/help/showthread.php?t=32403
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [RunOnce2Upd] "C:\WINDOWS\system32\KB_963493.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Help and Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
    O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
    O20 - Winlogon Notify: rqrqqop - rqrqqop.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
    O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://pffcu.org/images/newlogo2.jpg
    O24 - Desktop Component 1: (no name) - http://us.i1.yimg.com/us.yimg.com/i/...bg2/vz/top.gif

    --
    End of file - 11414 bytes

    Ad-Aware 2007
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player ActiveX
    Adobe Reader 6.0.1
    Adobe Reader 7.0
    Agere Systems PCI Soft Modem
    AIM 6
    AOL Instant Messenger
    Apple Mobile Device Support
    Apple Software Update
    AVG 7.5
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
    Bounce Symphony from Hewlett-Packard Desktops (remove only)
    CCleaner (remove only)
    Crystal Maze from Hewlett-Packard Desktops (remove only)
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    HP Deskjet Preloaded Printer Drivers
    HP Image Zone 4.2
    HP Organize
    HP PSC & OfficeJet 4.0
    HP Software Update
    HP Unload DLL Patch
    ImageMixer VCD/DVD2 for OLYMPUS
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    KBD
    LimeWire 4.10.9
    LiveUpdate 1.90 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Standard Edition 2003
    Microsoft Plus! Dancer LE
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Works 7.0
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    muvee autoProducer 3.5 magicMoments - HPD
    NVIDIA GART Driver
    OLYMPUS Master
    Orbital from Hewlett-Packard Desktops (remove only)
    Overball from Hewlett-Packard Desktops (remove only)
    PC-Doctor for Windows
    Polar Bowler from Hewlett-Packard Desktops (remove only)
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    Quicken 2004
    QuickTime
    RealPlayer
    Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944653)
    Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
    Slyder from Hewlett-Packard Desktops (remove only)
    Sonic RecordNow!
    Spybot - Search & Destroy
    SpywareBlaster v3.5.1
    SpywareGuard v2.2
    Tradewinds from Hewlett-Packard Desktops (remove only)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB914882)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB923845)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Updates from HP
    Viewpoint Media Player
    WeatherBug
    Where in the World is Carmen Sandiego?
    WildTangent GameChannel (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781


  2. #2
    Neal (Dedicated Member)
    Welcome,

    Please uninstall from add/remove:

    Viewpoint Media Player

    Reboot



    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can reenable TeaTimer once your system is clean.



    If you have previously downloaded ComboFix, please delete that version now.

    Now download COMBOFIX and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

  3. #3
    death2mess (Full Member)
    Sorry it took so long to reply.

    Still booted to Windows recovery mode and internet seems slower, although I was only on the d-a-l site and that seemed slow on another computer today too.

    Here is the log. Let me know if there is anything else you need me to post. Thanks again for the help.

    ComboFix 07-12-21.4 - HP_Owner 2007-12-22 15:22:59.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT -5:00]
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Documents and Settings\Guest.DINNINGROOM\Application Data\SpamBlocker
    C:\Documents and Settings\Guest\Start Menu\Programs\Startup\.lnk
    C:\Documents and Settings\MEGAN\Application Data\SpamBlocker
    C:\Program Files\screensavers.com
    C:\Program Files\screensavers.com\Wallpaper\Party Horns.jpg
    C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
    C:\WINDOWS\system32\drivers\symavc32.sys
    C:\WINDOWS\system32\llnmp.ini
    C:\WINDOWS\system32\RunOnce2.t__
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_KYFI59


    ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
    .

    2007-12-13 08:33 . 2007-12-13 08:33 <DIR> d-------- C:\WINDOWS\wt
    2007-12-13 03:01 . 2007-12-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-12-12 22:49 . 2007-12-12 22:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-12 22:49 . 2007-12-12 22:51 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
    2007-12-12 22:48 . 2007-12-12 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-12 22:24 . 2007-12-12 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-12 22:16 . 2007-12-12 22:16 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-12 03:16 . 2007-12-22 15:08 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-11 22:46 . 2007-12-11 22:46 <DIR> d-------- C:\Program Files\Lavasoft
    2007-12-11 22:46 . 2007-12-11 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-11 22:05 . 2007-12-12 22:19 <DIR> d-------- C:\Program Files\SpywareGuard
    2007-12-11 22:02 . 2007-12-11 22:14 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-12-11 22:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-12-11 21:55 . 2007-12-11 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-09 20:55 . 2007-12-09 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-09 20:45 . 2007-12-09 20:45 <DIR> d-------- C:\Program Files\CCleaner
    2007-12-09 19:50 . 2007-12-13 21:49 <DIR> d-------- C:\Security
    2007-12-02 16:37 . 2007-12-02 16:37 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Aim
    2007-12-02 16:24 . 2007-12-02 16:24 212 --a------ C:\WINDOWS\Retrieve7.INI
    2007-12-02 16:00 . 2007-12-02 16:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
    2007-12-02 13:37 . 2007-12-02 13:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-02 13:28 . 2007-12-02 13:30 <DIR> d-------- C:\Program Files\AIM6
    2007-12-02 13:09 . 2007-12-08 19:01 <DIR> d-------- C:\Program Files\AOL 9.1
    2007-12-02 11:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-02 11:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-02 11:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-01 16:48 . 2007-12-01 16:48 3,684 --a------ C:\WINDOWS\system32\OEMINFO.PNF
    2007-12-01 16:27 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-01 16:27 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-01 16:27 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-01 16:27 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-01 16:27 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-01 16:27 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-01 16:27 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-01 16:27 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-01 16:27 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-01 15:54 . 2007-12-01 15:54 <DIR> d-------- C:\WINDOWS\system32\bits
    2007-12-01 15:53 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
    2007-12-01 15:53 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2007-12-01 15:24 . 2007-12-09 19:24 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-11-30 15:51 . 2007-11-30 17:58 <DIR> d-------- C:\Program Files\Common Files\Verizon Online
    2007-11-30 15:51 . 2003-05-29 20:05 49,210 --a------ C:\WINDOWS\system32\vzServices.dll
    2007-11-30 08:16 . 2007-11-30 08:16 <DIR> d-------- C:\Program Files\PC-Doctor for Windows
    2007-11-30 08:16 . 2003-04-10 16:04 139,264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll
    2007-11-30 08:16 . 2004-04-15 20:30 86,016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
    2007-11-30 08:16 . 2003-04-10 16:04 77,824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll
    2007-11-30 08:16 . 2004-04-15 20:32 65,536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
    2007-11-30 08:16 . 2003-04-10 16:04 28,672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
    2007-11-30 08:16 . 2004-04-15 20:30 21,024 --a------ C:\WINDOWS\system32\drivers\pcdrsrvc.pkms
    2007-11-22 21:52 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-22 20:16 --------- d-----w C:\Program Files\Viewpoint
    2007-12-22 20:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
    2007-12-22 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-12-10 00:45 --------- d-----w C:\Program Files\Google
    2007-12-09 17:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
    2007-12-09 00:03 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-09 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-09 00:01 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AOL
    2007-12-02 23:24 3,885 ----a-w C:\WINDOWS\viassary-hp.reg
    2007-12-02 21:37 --------- d-----w C:\Program Files\AIM
    2007-12-02 21:36 --------- d-----w C:\Program Files\AOD
    2007-12-02 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-30 22:19 --------- d-----w C:\Program Files\Common Files\Motive
    2007-11-30 21:29 --------- d-----w C:\Program Files\WildTangent
    2007-11-30 21:20 --------- d-----w C:\Program Files\Help and Support Additions
    2007-11-30 17:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-30 17:33 --------- d-----w C:\Program Files\Symantec
    2007-11-30 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-30 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-24 01:26 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
    2007-11-18 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-17 22:32 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\Viewpoint
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\Motive
    2007-11-16 00:54 --------- d-----w C:\Program Files\McAfee.com
    2007-11-16 00:54 --------- d-----w C:\Program Files\McAfee
    2007-11-15 22:23 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\AOL
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-01 01:17 --------- d-----w C:\Documents and Settings\MEGAN.YOUR-AE066C3A9B\Application Data\acccore
    2007-10-24 11:11 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Flickr
    2007-10-22 11:32 --------- d-----w C:\Program Files\Java
    2007-01-18 15:01 12,577 -c--a-w C:\Program Files\Common Files\freecell.jpg
    2005-12-10 15:26 6,944 -c--a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    2004-08-04 12:00 8,151 -c--a-w C:\Program Files\Common Files\FREECELL.CH_
    2004-08-04 12:00 55,296 -c--a-w C:\Program Files\Common Files\freecell.exe
    2004-08-04 12:00 27,395 -c--a-w C:\Program Files\Common Files\FREECELL.EX_
    2004-08-04 12:00 2,201 -c--a-w C:\Program Files\Common Files\FREECELL.HL_
    2004-08-04 12:00 15,803 -c--a-w C:\Program Files\Common Files\freecell.chm
    2004-08-04 12:00 12,457 -c--a-w C:\Program Files\Common Files\freecell.hlp
    2006-01-15 23:12 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    2007-05-21 23:09 1,500,218 --sha-w C:\WINDOWS\system32\bbadd.bak1
    2007-06-06 10:30 1,586,280 --sha-w C:\WINDOWS\system32\bbadd.bak2
    2007-06-08 03:23 1,463,296 --sha-w C:\WINDOWS\system32\bbadd.ini2
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe" [2004-08-07 16:35]
    "Sonic RecordNow!"="" []
    "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 16:13]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" []
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 16:03]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" []
    "VTTimer"="VTTimer.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:58 C:\WINDOWS\SOUNDMAN.EXE]
    "SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 09:11]
    "AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 13:02]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 18:05 C:\WINDOWS\ALCWZRD.EXE]
    "WildTangent CDA"="RUNDLL32.exe" [2004-08-04 14:00 C:\WINDOWS\system32\rundll32.exe]
    "WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-12 22:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-12 22:49]

    C:\Documents and Settings\Shannon\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 16:55:37]
    TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 07:35:00]

    C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\Bridget\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 16:55:37]

    C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabb]
    C:\WINDOWS\system32\ddabb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqop]
    rqrqqop.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-14 02:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-30 13:24:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-22 15:39:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\drivers\Kyfi59.sys 185344 bytes executable
    C:\WINDOWS\system32\drivers\symavc32.sys 178688 bytes executable

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    Completion time: 2007-12-22 15:41:10 - machine was rebooted
    .
    2007-12-14 08:01:37 --- E O F ---

  4. #4
    Neal is offline Dedicated Member
    DAL site is very slow for me also, seems unstable and hard to post because of it.

    ComboFix is showing some Vundo trojan files.


    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.



    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done



    Scan these suspicious files please:



    Go to next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\imsins.BAK


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html


    Do the same for this:

    C:\WINDOWS\Retrieve7.INI


    You can delete this folder if still present:

    C:\Program Files\Viewpoint


    New combofix log please with continued feedback on how things are now please.

  5. #5
    death2mess is offline Full Member
    VundoFix didn't find anything. I scanned the two folders with Kaspersky (the first option gave no results after at least an hour) and it said they were clean. The computer still boots to the recovery console. Certain web page items do not show up... like Windows Update (the whole thing) and the button to download Firefox is not there. Also, for some strange reason some folders, like the C drive, go to search when you double-click them... I have to right-click and choose Open to open them. Also, certain parts of AVG do not work, like the updater, the resident shield and the email scanner. Here are the combo, vundo and HJT logs. Thanks again for the help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:35:26 PM, on 12/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\RUNDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://d-a-l.com/help/showthread.php?t=54511
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Help and Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
    O20 - Winlogon Notify: rqrqqop - rqrqqop.dll (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
    O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://pffcu.org/images/newlogo2.jpg
    O24 - Desktop Component 1: (no name) - http://us.i1.yimg.com/us.yimg.com/i/...bg2/vz/top.gif

    --
    End of file - 10413 bytes

    ComboFix 07-12-21.4 - HP_Owner 2007-12-27 21:09:01.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -5:00]
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\KYFI59.sys
    C:\WINDOWS\system32\drivers\symavc32.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_KYFI59


    ((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
    .

    2007-12-27 18:04 . 2007-12-27 18:04 <DIR> d-------- C:\VundoFix Backups
    2007-12-13 08:33 . 2007-12-27 17:39 <DIR> d-------- C:\WINDOWS\wt
    2007-12-13 03:01 . 2007-12-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-12-12 22:49 . 2007-12-12 22:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-12 22:49 . 2007-12-12 22:51 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
    2007-12-12 22:48 . 2007-12-12 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-12 22:24 . 2007-12-12 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-12 22:16 . 2007-12-12 22:16 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-11 22:46 . 2007-12-11 22:46 <DIR> d-------- C:\Program Files\Lavasoft
    2007-12-11 22:46 . 2007-12-11 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-11 22:05 . 2007-12-12 22:19 <DIR> d-------- C:\Program Files\SpywareGuard
    2007-12-11 22:02 . 2007-12-11 22:14 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-12-11 22:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-12-11 21:55 . 2007-12-11 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-09 20:55 . 2007-12-09 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-09 20:45 . 2007-12-09 20:45 <DIR> d-------- C:\Program Files\CCleaner
    2007-12-09 19:50 . 2007-12-13 21:49 <DIR> d-------- C:\Security
    2007-12-02 16:37 . 2007-12-02 16:37 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Aim
    2007-12-02 16:24 . 2007-12-02 16:24 212 --a------ C:\WINDOWS\Retrieve7.INI
    2007-12-02 16:00 . 2007-12-02 16:00 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
    2007-12-02 13:37 . 2007-12-02 13:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-02 13:28 . 2007-12-02 13:30 <DIR> d-------- C:\Program Files\AIM6
    2007-12-02 13:09 . 2007-12-08 19:01 <DIR> d-------- C:\Program Files\AOL 9.1
    2007-12-02 11:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-02 11:49 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-02 11:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-01 16:48 . 2007-12-01 16:48 3,684 --a------ C:\WINDOWS\system32\OEMINFO.PNF
    2007-12-01 16:27 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-01 16:27 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-01 16:27 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-01 16:27 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-01 16:27 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-01 16:27 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-01 16:27 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-01 16:27 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-01 16:27 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-01 15:54 . 2007-12-01 15:54 <DIR> d-------- C:\WINDOWS\system32\bits
    2007-12-01 15:53 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
    2007-12-01 15:53 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
    2007-12-01 15:24 . 2007-12-09 19:24 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
    2007-11-30 15:51 . 2007-11-30 17:58 <DIR> d-------- C:\Program Files\Common Files\Verizon Online
    2007-11-30 15:51 . 2003-05-29 20:05 49,210 --a------ C:\WINDOWS\system32\vzServices.dll
    2007-11-30 08:16 . 2007-11-30 08:16 <DIR> d-------- C:\Program Files\PC-Doctor for Windows
    2007-11-30 08:16 . 2003-04-10 16:04 139,264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll
    2007-11-30 08:16 . 2004-04-15 20:30 86,016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
    2007-11-30 08:16 . 2003-04-10 16:04 77,824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll
    2007-11-30 08:16 . 2004-04-15 20:32 65,536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
    2007-11-30 08:16 . 2003-04-10 16:04 28,672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
    2007-11-30 08:16 . 2004-04-15 20:30 21,024 --a------ C:\WINDOWS\system32\drivers\pcdrsrvc.pkms

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-22 20:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
    2007-12-22 20:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
    2007-12-22 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-12-10 00:45 --------- d-----w C:\Program Files\Google
    2007-12-09 00:03 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-09 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-09 00:01 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AOL
    2007-12-02 23:24 3,885 ----a-w C:\WINDOWS\viassary-hp.reg
    2007-12-02 21:37 --------- d-----w C:\Program Files\AIM
    2007-12-02 21:36 --------- d-----w C:\Program Files\AOD
    2007-12-02 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-30 22:19 --------- d-----w C:\Program Files\Common Files\Motive
    2007-11-30 21:29 --------- d-----w C:\Program Files\WildTangent
    2007-11-30 21:20 --------- d-----w C:\Program Files\Help and Support Additions
    2007-11-30 17:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-30 17:33 --------- d-----w C:\Program Files\Symantec
    2007-11-30 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-30 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-24 01:26 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
    2007-11-18 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-17 22:32 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\Viewpoint
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\Motive
    2007-11-16 00:54 --------- d-----w C:\Program Files\McAfee.com
    2007-11-16 00:54 --------- d-----w C:\Program Files\McAfee
    2007-11-15 22:23 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\AOL
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-01 01:17 --------- d-----w C:\Documents and Settings\MEGAN.YOUR-AE066C3A9B\Application Data\acccore
    2007-01-18 15:01 12,577 -c--a-w C:\Program Files\Common Files\freecell.jpg
    2005-12-10 15:26 6,944 -c--a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    2004-08-04 12:00 8,151 -c--a-w C:\Program Files\Common Files\FREECELL.CH_
    2004-08-04 12:00 55,296 -c--a-w C:\Program Files\Common Files\freecell.exe
    2004-08-04 12:00 27,395 -c--a-w C:\Program Files\Common Files\FREECELL.EX_
    2004-08-04 12:00 2,201 -c--a-w C:\Program Files\Common Files\FREECELL.HL_
    2004-08-04 12:00 15,803 -c--a-w C:\Program Files\Common Files\freecell.chm
    2004-08-04 12:00 12,457 -c--a-w C:\Program Files\Common Files\freecell.hlp
    2006-01-15 23:12 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    2007-05-21 23:09 1,500,218 --sha-w C:\WINDOWS\system32\bbadd.bak1
    2007-06-06 10:30 1,586,280 --sha-w C:\WINDOWS\system32\bbadd.bak2
    2007-06-08 03:23 1,463,296 --sha-w C:\WINDOWS\system32\bbadd.ini2
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-22_15.40.44.64 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-08-20 10:04:41 193,024 ------w C:\WINDOWS\system32\msrating.dll
    + 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\system32\msrating.dll
    - 2007-08-20 10:04:42 232,960 ------w C:\WINDOWS\system32\webcheck.dll
    + 2007-10-10 2300 232,960 ------w C:\WINDOWS\system32\webcheck.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe" [2004-08-07 16:35]
    "Sonic RecordNow!"="" []
    "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 16:13]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" []
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 16:03]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" []
    "VTTimer"="VTTimer.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:58 C:\WINDOWS\SOUNDMAN.EXE]
    "SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 09:11]
    "AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" []
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 13:02]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 18:05 C:\WINDOWS\ALCWZRD.EXE]
    "WildTangent CDA"="RUNDLL32.exe" [2004-08-04 14:00 C:\WINDOWS\system32\rundll32.exe]
    "WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-12 22:48]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-12 22:49]

    C:\Documents and Settings\Shannon\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 16:55:37]
    TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 07:35:00]

    C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\Bridget\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 16:55:37]

    C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabb]
    C:\WINDOWS\system32\ddabb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqop]
    rqrqqop.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-14 02:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-30 13:24:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-27 21:18:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-27 21:19:20 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-22 15:41
    .
    2007-12-27 22:43:41 --- E O F ---




    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 6:04:42 PM 12/27/2007

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

  6. #6
    Neal is offline Dedicated Member
    Please disable SpywareGuard, as it may interfere with some of our HijackThis fixes:
    1. Right click the SpywareGuard icon in the System Tray at the bottom-right corner of the screen and open the program.
    2. Then go to Menu > File > Exit.
    3. Then confirm the program is closed.




    Open notepad and copy/paste the text in the quotebox below into it:


    File::
    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.bak2
    C:\WINDOWS\system32\bbadd.ini2
    C:\WINDOWS\system32\rqrqqop.dll
    C:\WINDOWS\system32\ddabb.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabb]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqop]


    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


    Also...



    Please download and install SUPERAntiSpyware Trial Pro Edition http://www.superantispyware.com/superantispyware.html

    * Load SUPERAntiSpyware and click the Check for Updates button.
    * Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.

    * Open SUPERAntiSpyware and click the Scan your Computer button.
    * Check Perform Complete Scan and then click Next.
    * SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    * Make sure that they all have a check next to them, and then click Next.
    * Click Finish and you will be taken back to the main interface.
    * It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    * I'll need a log afterwards of what has been found.
    * To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    * Please post the results of the SUPERAntiSpyware log in your next reply.
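
A follow-up log can be checked against the CFScript mechanically. The sketch below is an added example, not part of the original thread or of ComboFix: it parses the `File::` and `Registry::` sections of the script above and reports any target still referenced in a HijackThis log. The function names and the "before" log line are constructed for illustration.

```python
import re

# CFScript text as posted in the thread.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini2
C:\WINDOWS\system32\rqrqqop.dll
C:\WINDOWS\system32\ddabb.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqqop]
"""

# Constructed "before" sample: one Winlogon Notify entry still registered.
BEFORE_LOG = r"""O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll
"""

# Lines taken from the follow-up HijackThis log on this page.
AFTER_LOG = r"""O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

SECTION_RE = re.compile(r"(\w+)::")
REG_DELETE_RE = re.compile(r"\[-(.+)\]")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")


def parse_cfscript(text):
    """Split a CFScript into file targets and registry keys marked for deletion."""
    targets = {"files": [], "reg_deletes": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.fullmatch(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "file":
            targets["files"].append(line)
        elif section == "registry":
            # "[-KEY]" is the .reg syntax for deleting a whole key.
            deleted = REG_DELETE_RE.fullmatch(line)
            if deleted:
                targets["reg_deletes"].append(deleted.group(1))
    return targets


def winlogon_notify_entries(hjt_log):
    """Map lower-cased Winlogon Notify names (O20 lines) to their DLL paths."""
    entries = {}
    for raw in hjt_log.splitlines():
        match = O20_RE.match(raw.strip())
        if match:
            entries[match.group("name").lower()] = match.group("dll")
    return entries


def remaining_targets(cfscript, hjt_log):
    """Return (kind, target) pairs from the CFScript that the log still shows."""
    targets = parse_cfscript(cfscript)
    notify = winlogon_notify_entries(hjt_log)
    log_lower = hjt_log.lower()
    leftovers = []
    for key in targets["reg_deletes"]:
        parent, _, name = key.rpartition("\\")
        # Only Winlogon\Notify subkeys are visible in a HijackThis log (as O20).
        if parent.lower().endswith(r"\winlogon\notify") and name.lower() in notify:
            leftovers.append(("registry", key))
    for path in targets["files"]:
        # Windows paths are case-insensitive, so compare lower-cased.
        if path.lower() in log_lower:
            leftovers.append(("file", path))
    return leftovers


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(label, remaining_targets(CFSCRIPT, log))
```

An empty result only means HijackThis no longer lists the entries; the ComboFix log's deletion sections remain the record of what was actually removed from disk.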

  7. #7
    death2mess is offline Full Member
    Still booting to windows recovery console and things are still missing on the internet (like the button to download firefox, windows update etc.). Here are the latest logs. Thanks again.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:12:07 PM, on 1/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://d-a-l.com/help/showthread.php?t=54511
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Help and Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
    O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://pffcu.org/images/newlogo2.jpg
    O24 - Desktop Component 1: (no name) - http://us.i1.yimg.com/us.yimg.com/i/...bg2/vz/top.gif

    --
    End of file - 9787 bytes

    ComboFix 08-01-03.3 - HP_Owner 2008-01-02 18:17:42.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.187 [GMT -5:00]
    Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.bak2
    C:\WINDOWS\system32\bbadd.ini2
    C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\rqrqqop.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.bak2
    C:\WINDOWS\system32\bbadd.ini2
    C:\WINDOWS\system32\mcrh.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
    .

    2008-01-02 18:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-02 18:08 . 2008-01-02 18:14 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-27 21:49 . 2007-12-27 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-12-13 08:33 . 2007-12-27 17:39 <DIR> d-------- C:\WINDOWS\wt
    2007-12-13 03:01 . 2007-12-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-12-12 22:16 . 2007-12-12 22:16 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-11 22:46 . 2007-12-11 22:46 <DIR> d-------- C:\Program Files\Lavasoft
    2007-12-11 22:46 . 2007-12-11 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-11 22:05 . 2007-12-12 22:19 <DIR> d-------- C:\Program Files\SpywareGuard
    2007-12-11 22:02 . 2007-12-11 22:14 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-12-11 22:02 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-12-11 21:55 . 2007-12-11 21:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-09 20:55 . 2007-12-09 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-09 20:45 . 2007-12-09 20:45 <DIR> d-------- C:\Program Files\CCleaner
    2007-12-09 19:50 . 2008-01-02 18:09 <DIR> d-------- C:\Security

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-28 02:44 --------- d-----w C:\Program Files\AIM
    2007-12-28 02:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Aim
    2007-12-22 20:44 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug
    2007-12-22 20:16 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
    2007-12-22 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-12-10 00:45 --------- d-----w C:\Program Files\Google
    2007-12-10 00:24 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
    2007-12-09 00:03 --------- d-----w C:\Program Files\Common Files\AOL
    2007-12-09 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-12-09 00:01 --------- d-----w C:\Program Files\AOL 9.1
    2007-12-09 00:01 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AOL
    2007-12-02 23:24 3,885 ----a-w C:\WINDOWS\viassary-hp.reg
    2007-12-02 21:36 --------- d-----w C:\Program Files\AOD
    2007-12-02 21:00 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\InterVideo
    2007-12-02 18:37 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-02 18:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-30 22:58 --------- d-----w C:\Program Files\Common Files\Verizon Online
    2007-11-30 22:19 --------- d-----w C:\Program Files\Common Files\Motive
    2007-11-30 21:29 --------- d-----w C:\Program Files\WildTangent
    2007-11-30 21:20 --------- d-----w C:\Program Files\Help and Support Additions
    2007-11-30 17:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-30 17:33 --------- d-----w C:\Program Files\Symantec
    2007-11-30 17:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-11-30 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-30 13:16 --------- d-----w C:\Program Files\PC-Doctor for Windows
    2007-11-24 01:26 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
    2007-11-18 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-17 22:32 --------- d-----w C:\Program Files\Common Files\McAfee
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\Viewpoint
    2007-11-17 22:32 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\Motive
    2007-11-16 00:54 --------- d-----w C:\Program Files\McAfee.com
    2007-11-16 00:54 --------- d-----w C:\Program Files\McAfee
    2007-11-15 22:23 --------- d-----w C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Application Data\AOL
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 22:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 17:45 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2007-10-27 17:45 348,160 ------w C:\WINDOWS\system32\msvcr71.dll
    2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\shell32(4)(2).dll
    2007-01-18 15:01 12,577 -c--a-w C:\Program Files\Common Files\freecell.jpg
    2005-12-10 15:26 6,944 -c--a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
    2004-08-04 12:00 8,151 -c--a-w C:\Program Files\Common Files\FREECELL.CH_
    2004-08-04 12:00 55,296 -c--a-w C:\Program Files\Common Files\freecell.exe
    2004-08-04 12:00 27,395 -c--a-w C:\Program Files\Common Files\FREECELL.EX_
    2004-08-04 12:00 2,201 -c--a-w C:\Program Files\Common Files\FREECELL.HL_
    2004-08-04 12:00 15,803 -c--a-w C:\Program Files\Common Files\freecell.chm
    2004-08-04 12:00 12,457 -c--a-w C:\Program Files\Common Files\freecell.hlp
    2006-01-15 23:12 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe" [2004-08-07 16:35 159744]
    "Sonic RecordNow!"="" []
    "Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [2004-11-08 16:13 1597440]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 14:51 118784]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 16:03 180269]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
    "VTTimer"="VTTimer.exe" []
    "AGRSMMSG"="AGRSMMSG.exe" []
    "SoundMan"="SOUNDMAN.EXE" [2004-07-01 11:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
    "SetDefaultPrinter"="c:\hp\bin\cloaker.exe" [1999-11-07 09:11 27136]
    "AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 14:55 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 13:02 61440]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-05 18:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
    "WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [2004-05-10 19:40 64512]
    "WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [ ]

    C:\Documents and Settings\Shannon\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 16:55:37]
    TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 07:35:00]

    C:\Documents and Settings\Administrator.YOUR-AE066C3A9B\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    C:\Documents and Settings\Bridget\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 16:55:37]

    C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-28 02:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-30 13:24:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-03 1859
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-03 18:22:43
    ComboFix-quarantined-files.txt 2008-01-03 23:22:35
    ComboFix2.txt 2007-12-28 02:19:21
    ComboFix3.txt 2007-12-22 20:41:10
    .
    2008-01-02 23:10:02 --- E O F ---

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/03/2008 at 08:23 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3371
    Trace Rules Database Version: 1366

    Scan type : Complete Scan
    Total Scan Time : 00:55:52

    Memory items scanned : 428
    Memory threats detected : 0
    Registry items scanned : 6662
    Registry threats detected : 0
    File items scanned : 58686
    File threats detected : 394

    Adware.HotBar/SpamBlockerUtility (Low Risk)
    C:\Program Files\SpamBlockerUtility_Icons\Keep-your-PC-private.ico
    C:\Program Files\SpamBlockerUtility_Icons\Software_Online_8.ico
    C:\Program Files\SpamBlockerUtility_Icons\wallpapere1.ico
    C:\Program Files\SpamBlockerUtility_Icons

    Adware.Tracking Cookie
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@ehg-verizoncommunications.hitbox[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@fastclick[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@hitbox[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@icc.intel lisrv[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@interclic k[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@microsoft office.112.2o7[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@mywebsear ch[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@nextag[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@overture[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@partner2p rofit[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@questionm arket[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@sales.liv eperson[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@serving-sys[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@specificc lick[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@stat.deal time[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@statcount er[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@stats.loa d[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@www.traff icstrategies[2].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@yfdmedia[1].txt
    C:\Documents and Settings\Daddy.DINNINGROOM\Cookies\daddy@z1.adserv er[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@67.15.239[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@67.15.239[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@67.15.239[3].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@67.15.239[5].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@67.15.239[6].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@a.websponsors[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@adinterax[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@adlegend[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@adrevolver[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@adrevolver[3].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@ads.associatedcontent[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@ads.godtube[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@ads.lasvegas[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@ads.monster[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@adserver[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@advertising[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@aff.primaryads[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@anat.tacoda[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@apmebf[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@atwola[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@azjmp[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@azoogleads[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@bestmanage2[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@bizrate[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@bs.serving-sys[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@burstnet[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@clickit[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@cpvfeed[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@dealtime[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@drivecleaner[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@e-2dj6wfkocnazalo.stats.esomniture[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@e-2dj6wjlyagc5scp.stats.esomniture[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@ehg-verizon.hitbox[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@enhance[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@fastclick[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@go.drivecleaner[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@heavycom.122.2o7[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@hitbox[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@hornymatches[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@klik.klikadvertising[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@mediaplex[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@metareward[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@nextag[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@orlando.yahoo.idx.pru4cor ners[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@orlando.yahoo.pru4corners[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@overture[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@partner2profit[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@perf.overture[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@pro-market[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@qksrv[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@revsci[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@richmedia.yahoo[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@roiservice[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@sales.liveperson[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@serving-sys[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@spamblockerutility[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@stat.dealtime[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@statcounter[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@stats.drivecleaner[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@stats.privacyprotector[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@tacoda[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@toseeka[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@track.searchignite[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@tracker.icerocket[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@trafficmp[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@upspiral[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@winantivirus[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@www.burstbeacon[2].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@www.burstnet[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@www.drivecleaner[1].txt
    C:\Documents and Settings\DADDY.YOUR-AE066C3A9B\Cookies\daddy@www.hornymatches[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@a.webspon sors[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@adinterax[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@adrevolve r[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@adrevolve r[3].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@ads.addyn amix[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@ads.monst er[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@apmebf[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@atlas.fix ionmedia[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@azjmp[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@casalemed ia[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@cbs.112.2 o7[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@cc.bridge track[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@doublecli ck[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@edge.ru4[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@fastclick[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@hitbox[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@nextag[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@partner2p rofit[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@perf.over ture[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@questionm arket[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@sexstorie spost[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@sextracke r[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@tacoda[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@thejoewyl dband.tripod[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@totalvid. 122.2o7[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@tribalfus ion[2].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@tripod[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@try.starw are[1].txt
    C:\Documents and Settings\Guest.DINNINGROOM\Cookies\guest@www.burst beacon[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@2o7[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@67.15.239[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@67.15.239[3].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@67.15.239[4].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@67.15.239[5].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@67.15.239[6].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@adinterax[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@adopt.euroclick[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@adopt.specificclick[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@apmebf[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@atwola[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@expclicks[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@findwhat[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@mediaplex[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@overture[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@realmedia[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@richmedia.yahoo[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@serving-sys[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@specificclick[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@statcounter[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@toseeka[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@trafficmp[1].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@tribalfusion[2].txt
    C:\Documents and Settings\Guest.YOUR-AE066C3A9B\Cookies\guest@zedo[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@2o7[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@2o7[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@a.websponsors[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adbrite[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adcentriconline[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adecn[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adinterax[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adknowledge[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adopt.euroclick[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adopt.specificclick[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adrevolver[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.cartoonnetwork[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.freeonlinegames[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.glispa[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.monster[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.pointroll[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.realtechnetwork[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads.revsci[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ads2.drivelinemedia[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@adverticum[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@atwola[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@audiomixer.oddcast[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@audit.median[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@azjmp[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@bluestreak[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@casalemedia[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@citi.bridgetrack[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@dealtime[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@dist.belnk[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@doubleclick[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@edge.ru4[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ehg-dig.hitbox[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@ehg-zazzle.hitbox[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@filmloop.adbureau[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@financialcontent.adve rtserve[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@fl01.ct2.comclick[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@h.starware[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@hitbox[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@login.tracking101[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@msnportal.112.2o7[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@nbads[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@onlinerewardcenter[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@optimost[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@overture[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@partner2profit[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@precisionclick[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@pro-market[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@revsci[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@server.cpmstar[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@sky.advertarium.com[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@smileycentral[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@stat.dealtime[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@statse.webtrendslive[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@stats[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@tacoda[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@teentrendsgirls.every thinggirl[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@tradedoubler[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@tripod[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@www.burstbeacon[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@www.cibleclick[1].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@www.smartadserver[2].txt
    C:\Documents and Settings\MEGAN\Cookies\megan@z1.adserver[1].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@2o7[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@ad.yi eldmanager[1].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@adopt .euroclick[1].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@adrev olver[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@ads.w eb.aol[1].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@atdmt[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@host-d.oddcast[1].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@host-d.oddcast[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@imrwo rldwide[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@media plex[1].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@partn er2profit[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@preci sionclick[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@redux ads.valuead[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@revsc i[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@sound track[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@trade doubler[2].txt
    C:\Documents and Settings\Shannon.DINNINGROOM\Cookies\shannon@triba lfusion[1].txt
    C:\USERDATA\Cookies\hp_owner@2o7[1].txt
    C:\USERDATA\Cookies\hp_owner@ad.yieldmanager[2].txt
    C:\USERDATA\Cookies\hp_owner@adinterax[2].txt
    C:\USERDATA\Cookies\hp_owner@adopt.specificclick[2].txt
    C:\USERDATA\Cookies\hp_owner@ads.pointroll[2].txt
    C:\USERDATA\Cookies\hp_owner@ads.web.aol[2].txt
    C:\USERDATA\Cookies\hp_owner@advertising[2].txt
    C:\USERDATA\Cookies\hp_owner@ar.atwola[1].txt
    C:\USERDATA\Cookies\hp_owner@atdmt[2].txt
    C:\USERDATA\Cookies\hp_owner@atwola[2].txt
    C:\USERDATA\Cookies\hp_owner@azoogleads[1].txt
    C:\USERDATA\Cookies\hp_owner@doubleclick[1].txt
    C:\USERDATA\Cookies\hp_owner@edge.ru4[2].txt
    C:\USERDATA\Cookies\hp_owner@ehg-dig.hitbox[2].txt
    C:\USERDATA\Cookies\hp_owner@ehg-foxsports.hitbox[2].txt
    C:\USERDATA\Cookies\hp_owner@financialcontent.adve rtserve[1].txt
    C:\USERDATA\Cookies\hp_owner@hitbox[2].txt
    C:\USERDATA\Cookies\hp_owner@interclick[2].txt
    C:\USERDATA\Cookies\hp_owner@linksynergy[2].txt
    C:\USERDATA\Cookies\hp_owner@mediaplex[2].txt
    C:\USERDATA\Cookies\hp_owner@microsoftwga.112.2o7[1].txt
    C:\USERDATA\Cookies\hp_owner@mymedia.myfoxphilly[2].txt
    C:\USERDATA\Cookies\hp_owner@overture[2].txt
    C:\USERDATA\Cookies\hp_owner@questionmarket[2].txt
    C:\USERDATA\Cookies\hp_owner@revsci[1].txt
    C:\USERDATA\Cookies\hp_owner@s.clickability[2].txt
    C:\USERDATA\Cookies\hp_owner@specificclick[1].txt
    C:\USERDATA\Cookies\hp_owner@statse.webtrendslive[2].txt
    C:\USERDATA\Cookies\hp_owner@tacoda[2].txt
    C:\USERDATA\Cookies\hp_owner@zedo[2].txt

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\RQSTV.INI

    Trojan.Unknown Origin
    C:\WINDOWS\TEMPF.TXT

    Trace.Known Threat Sources
    C:\Documents and Settings\Daddy\Local Settings\Temporary Internet Files\Content.IE5\GVDV6MRX\a178af76[1].js
    C:\Documents and Settings\Daddy\Local Settings\Temporary Internet Files\Content.IE5\XIKYBLTC\prompt_ie_xpsp2[1].js
    C:\Documents and Settings\Daddy\Local Settings\Temporary Internet Files\Content.IE5\JD7FEOTK\steps_v2[1].swf
    C:\Documents and Settings\Daddy\Local Settings\Temporary Internet Files\Content.IE5\PZ1FDYZP\init[2].js

  8. #8
    Neal is offline Dedicated Member
    There isn't any more malware showing in your logs.


    If you are trying to uninstall McAfee, use the uninstaller below:

    McAfee uninstaller:

    http://service.mcafee.com/FAQDocumen...c=4105&partner

    Maybe you can install AVG now after the McAfee stuff is gone.

    Don't be on the internet without some kind of virus protection.

    Run HijackThis, click on the "scan system only" button, and put checks next to these, if still present:


    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)


    O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
    O23 - Service: McAfee HackerWatch Service - Unknown owner - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
    O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
    O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)



    Close out everything but HijackThis and click on "fix checked".


    Reboot your PC





    Do an online scan (scan only tool) with Kaspersky WebScanner
    [Internet Explorer required]


    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the results of the scan back here please and a new hijackthis log.
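
The procedure above (tick the orphaned entries, fix them, then post a fresh log) can be checked mechanically. The Python below is an added example, not part of the original thread or of HijackThis itself; it parses HijackThis entry lines, flags those marked "(file missing)" or "(no file)", and reports which ticked entries still appear in a follow-up log. The function names are this example's own, and the sample lines are abridged copies of the two logs posted in this thread.

```python
import re
from typing import NamedTuple, Optional

# Section code, " - ", then the entry body (e.g. "O23 - Service: ...").
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)$")
# First drive-letter path in the body. Splitting on " - " is unsafe because
# names and paths can contain it ("Spybot - Search & Destroy").
PATH_RE = re.compile(r"[A-Za-z]:\\.*")


class Entry(NamedTuple):
    code: str               # section code such as "O2" or "O23"
    body: str               # everything after the code
    orphan: Optional[str]   # "file missing", "no file" or None
    path: Optional[str]     # target path (with any arguments), if present

    @property
    def key(self):
        # Whitespace- and case-insensitive identity for comparing two logs.
        return (self.code, " ".join(self.body.split()).casefold())


def parse_log(text):
    """Return the registry/service entries of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the running-process list, blanks
        code, body = m.groups()
        marker = ORPHAN_RE.search(body)
        target = body[:marker.start()].rstrip() if marker else body
        p = PATH_RE.search(target)
        entries.append(Entry(code, body,
                             marker.group(1) if marker else None,
                             p.group(0) if p else None))
    return entries


def orphans(entries):
    """Entries whose backing file HijackThis could not find."""
    return [e for e in entries if e.orphan]


def still_present(checked, followup):
    """Entries that were ticked for fixing but show up again afterwards."""
    remaining = {e.key for e in followup}
    return [e for e in checked if e.key in remaining]


# Abridged copy of the entries listed for fixing in this thread.
CHECKED = r"""
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# Abridged copy of the follow-up log posted after the fix and reboot.
FOLLOWUP = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

if __name__ == "__main__":
    checked, followup = parse_log(CHECKED), parse_log(FOLLOWUP)
    for e in still_present(checked, followup):
        print("not removed:", e.code, e.path)
    for e in orphans(followup):
        print("orphaned   :", e.code, e.path, f"({e.orphan})")
```
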

  9. #9
    death2mess is offline Full Member
    The link for the McAfee remover didn't work, but I found the uninstaller at http://download.mcafee.com/products/...tches/MCPR.exe and ran it. Then I used HJT to erase the things you said to erase. I then tried to download and install AVG again, but on the install it says that there is another antivirus installed on the computer; there isn't one that I know of. At this point, do you think I should consider returning the computer to the state it was in when purchased? Or do you think there is hope of fixing it? Anyway, thanks for all of the help. Here is the latest HJT log.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:35:06 PM, on 1/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://d-a-l.com/help/showthread.php?t=54511
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Help and Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/C...CamControl.ocx
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OneCare Firewall (msfwsvc) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
    O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: Windows Live OneCare (winss) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://pffcu.org/images/newlogo2.jpg
    O24 - Desktop Component 1: (no name) - http://us.i1.yimg.com/us.yimg.com/i/...bg2/vz/top.gif

    --
    End of file - 7542 bytes

  10. #10
    death2mess is offline Full Member
    Actually, what is the Windows OneCare antivirus in the HJT log? Is that what is interfering with AVG?
