Help Please - Horrible Virus/Malware/Spyware(RESOLVED)

  1. #1
    Sagemaster44 is offline Junior Member

    In the recent few days I have been scanning my computer to find the following malware and spyware:
    -Dropper.agent.dgo
    -Vundo and Vundonade (I don't know the exact name of that last one)
    -Tons of tracker cookies

    My computer is running very, very slow and I can hardly access the internet.
    Also I am missing some files such as sstgr.exe and ejromsxm.dll; also, one of the corrupt files is opnljhe.dll, which happens to be in my system32. I have tried to delete them numerous times but they keep appearing when I boot up my system again.

    I have Spybot, AVG Anti-Virus, and McAfee.

    My most recent HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:28:31 PM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\BFU\BFU.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Program Files\EleFun Multimedia\Silent Lagoon Wallpaper\Silent Lagoon.exe"
    O4 - HKLM\..\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
    O4 - HKLM\..\Run: [6c8b1c13] rundll32.exe "C:\WINDOWS\system32\ejromsxm.dll",b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1095] command /c del "C:\WINDOWS\system32\sstqr.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3177] cmd /c del "C:\WINDOWS\system32\sstqr.dll_old"
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    Any help will be GREATLY APPRECIATED!
    All Thanks, Sagemaster44
    Last edited by Sagemaster44; 10-01-2008 at 02:30 AM.


  2. #2
    Neal is offline Dedicated Member
    Welcome,

    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    *Note*
    In case your antivirus or any other realtime scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



    Please download and install the latest version of HijackThis v2.0.2:

    CLICK HERE to download the HijackThis Installer: http://www.trendsecure.com/portal/en...HJTInstall.exe

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on HJTInstall.exe to run the program.
    3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    4. Accept the license agreement by clicking the "I Accept" button.
    5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    6. Click "Save log" to save the log file and then the log will open in Notepad.
    7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
    8. Come back here to this thread and paste the log in your next reply.
    9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

  3. #3
    Sagemaster44 is offline Junior Member
    Thank you for the reply, but over the night I had tried to reformat my computer, only to find that when the XP installation had started it said I did not have a hard drive...
    But I will scan and get back to you in under the hour.

  4. #4
    Sagemaster44 is offline Junior Member
    I have followed your instructions and here are the results-

    ComboFix 08-01-09.2 - My name 2008-01-10 15:45:11.1 - NTFSx86

    Running from: C:\Documents and Settings\nick napolitano\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Common Files\{3C8B1~1
    C:\Program Files\myglobalsearch
    C:\WINDOWS\system32\cnfelvgn.ini
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mxsmorje.ini
    C:\WINDOWS\system32\opnljhe.dll
    C:\WINDOWS\system32\RCX58.tmp
    C:\WINDOWS\system32\rqtss.ini
    C:\WINDOWS\system32\rqtss.ini2
    C:\WINDOWS\system32\sstqr.dll
    C:\WINDOWS\system32\unsvchosts.lzma
    C:\WINDOWS\system32\UpMedia

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
    .

    2008-01-10 15:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 19:59 . 2008-01-10 15:53 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
    2008-01-09 19:59 . 2008-01-09 19:59 <DIR> d-------- C:\Documents and Settings\nick napolitano\Application Data\Sammsoft
    2008-01-09 18:42 . 2008-01-09 18:42 <DIR> d----c--- C:\bintheredunthat
    2008-01-09 18:22 . 2008-01-09 18:24 <DIR> d----c--- C:\BFU
    2008-01-09 18:13 . 2008-01-09 18:13 <DIR> d-------- C:\Documents and Settings\nick napolitano\Application Data\Grisoft
    2008-01-09 18:13 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-09 15:24 . 2008-01-09 17:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-08 23:00 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
    2008-01-08 22:56 . 2008-01-08 22:56 0 --a------ C:\WINDOWS\system32\RENAB.tmp
    2008-01-08 22:56 . 2008-01-08 22:56 0 --a------ C:\WINDOWS\system32\RENAA.tmp
    2008-01-08 22:56 . 2008-01-08 22:56 0 --a------ C:\WINDOWS\system32\RENA9.tmp
    2008-01-08 22:39 . 2008-01-08 22:39 <DIR> d----c--- C:\VundoFix Backups
    2008-01-08 20:25 . 2008-01-08 20:40 <DIR> d-------- C:\Documents and Settings\nick napolitano\Application Data\AVG7
    2008-01-08 20:25 . 2008-01-08 20:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-08 20:25 . 2008-01-08 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-08 20:25 . 2008-01-08 20:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-03 18:27 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
    2007-12-29 16:00 . 2008-01-10 15:41 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-23 01:15 . 2008-01-08 23:29 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-23 01:14 . 2007-12-23 01:14 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-23 01:14 . 2007-12-23 01:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-12 15:28 . 2007-12-12 15:28 <DIR> d-------- C:\Program Files\Bethesda Softworks
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-10 20:54 3,584 ----a-w C:\WINDOWS\system32\sstqr.exe
    2008-01-10 20:52 344,576 ----a-w C:\WINDOWS\system32\sstqr.dll
    2008-01-10 20:35 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\SiteAdvisor
    2008-01-10 20:27 --------- d-----w C:\Program Files\McAfee
    2008-01-10 00:13 --------- d-----w C:\Program Files\Dell Support
    2008-01-09 21:06 --------- d-----w C:\Program Files\Zango Programs
    2008-01-09 00:04 --------- d-----w C:\Program Files\iTunes
    2008-01-08 02:27 15,360 ----a-w C:\WINDOWS\system32\dllcache\ctfmon.exe
    2008-01-08 02:27 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
    2008-01-07 01:18 --------- d-----w C:\Program Files\CursorXP
    2008-01-01 19:18 4,444 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-12-30 04:30 --------- d-----w C:\Program Files\SwiftSwitch
    2007-12-26 19:54 --------- d-----w C:\Program Files\SCAR 3.12
    2007-12-19 03:02 --------- d-----w C:\Program Files\SiteAdvisor
    2007-12-12 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-05 13:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-12-03 21:39 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-03 21:38 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-12-03 21:38 --------- d-----w C:\Program Files\Windows Live
    2007-12-03 21:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-03 21:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-25 03:07 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\InstallShield Installation Information
    2007-11-25 02:52 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-11-25 00:57 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\uTorrent
    2007-11-23 22:05 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\Webroot
    2007-11-23 22:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Geek Squad
    2007-11-20 21:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-20 21:35 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-18 22:42 --------- d-----w C:\Program Files\Yahoo!
    2007-11-18 22:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-18 22:41 --------- d--h--r C:\Documents and Settings\nick napolitano\Application Data\yahoo!
    2007-11-18 22:38 --------- d-----w C:\Program Files\Stardock
    2007-11-18 22:38 --------- d-----w C:\Program Files\MUSICMATCH
    2007-11-18 22:38 --------- d-----w C:\Program Files\Common Files\Stardock
    2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 21:34 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\mIRC
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 22:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-11 05:57 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-10-11 05:57 666,112 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-11 05:57 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-11 05:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-11 05:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 05:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-11 05:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-10-11 05:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-10-11 05:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-10-11 05:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-11 05:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 05:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-11 05:57 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 05:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 05:57 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 10:48 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-04-07 01:56 13,195 ----a-w C:\Documents and Settings\nick napolitano\zguicfgw.dat
    2006-08-19 00:18 40 ----a-w C:\Documents and Settings\nick napolitano\language.dat
    .
    Code:
    <pre>
    ----a-w         2,463,744 2008-01-10 20:53:07  C:\Program Files\Advanced Registry Optimizer\aro .exe
    ----a-w           128,000 2008-01-06 14:35:03  C:\Program Files\CursorXP\CursorXP .exe
    ----a-w            68,856 2008-01-07 19:44:14  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w           579,072 2008-01-09 03:25:51  C:\Program Files\Grisoft\AVG7\avgcc .exe
    ----a-w           219,136 2008-01-09 01:30:27  C:\Program Files\Grisoft\AVG7\avgw .exe
    ----a-w           256,576 2008-01-09 00:04:54  C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w            20,480 2008-01-10 20:40:56  C:\Program Files\McAfee\MBK\LogOnHook .exe
    ----a-w         4,838,952 2008-01-10 20:41:05  C:\Program Files\McAfee\MBK\McAfeeDataBackup .exe
    ----a-w         1,279,336 2008-01-09 03:25:30  C:\Program Files\McAfee\MWL\MWLGui .exe
    ----a-w           582,992 2008-01-10 20:40:56  C:\Program Files\McAfee.com\Agent\mcagent .exe
    ----a-w           286,720 2008-01-09 03:28:19  C:\Program Files\QuickTime\QTTask        .exe
    ----a-w           286,720 2008-01-08 03:08:42  C:\Program Files\QuickTime\QTTask       .exe
    ----a-w           286,720 2008-01-08 03:08:42  C:\Program Files\QuickTime\QTTask      .exe
    ----a-w           286,720 2008-01-08 03:08:43  C:\Program Files\QuickTime\QTTask     .exe
    ----a-w           286,720 2008-01-08 03:08:43  C:\Program Files\QuickTime\QTTask    .exe
    ----a-w           286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask   .exe
    ----a-w           286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask  .exe
    ----a-w           286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask .exe
    ----a-w            36,640 2008-01-09 04:28:54  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
    ----a-w           365,568 2008-01-10 20:40:43  C:\Program Files\Unlocker\UnlockerAssistant     .exe
    ----a-w           365,568 2008-01-10 20:27:22  C:\Program Files\Unlocker\UnlockerAssistant    .exe
    ----a-w           365,568 2008-01-10 19:45:30  C:\Program Files\Unlocker\UnlockerAssistant   .exe
    ----a-w            15,872 2008-01-10 00:41:34  C:\Program Files\Unlocker\UnlockerAssistant  .exe
    ----a-w            15,872 2008-01-10 01:16:11  C:\Program Files\Unlocker\UnlockerAssistant .exe
    ----a-w         3,256,320 2008-01-09 01:30:39  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
    ----a-w         5,724,184 2008-01-09 01:33:09  C:\Program Files\Windows Live\Messenger\MsnMsgr                   .Exe
    ----a-w         5,724,184 2008-01-09 00:48:21  C:\Program Files\Windows Live\Messenger\MsnMsgr                  .Exe
    ----a-w         5,724,184 2008-01-08 23:21:43  C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
    ----a-w         5,724,184 2008-01-08 22:04:49  C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe
    ----a-w         5,724,184 2008-01-08 02:27:58  C:\Program Files\Windows Live\Messenger\MsnMsgr               .Exe
    ----a-w         5,724,184 2008-01-08 03:11:07  C:\Program Files\Windows Live\Messenger\MsnMsgr              .Exe
    ----a-w         5,724,184 2008-01-08 03:11:08  C:\Program Files\Windows Live\Messenger\MsnMsgr             .Exe
    ----a-w         5,724,184 2008-01-08 03:11:10  C:\Program Files\Windows Live\Messenger\MsnMsgr            .Exe
    ----a-w         5,724,184 2008-01-08 03:11:14  C:\Program Files\Windows Live\Messenger\MsnMsgr           .Exe
    ----a-w         5,724,184 2008-01-08 03:11:15  C:\Program Files\Windows Live\Messenger\MsnMsgr          .Exe
    ----a-w         5,724,184 2008-01-08 03:11:17  C:\Program Files\Windows Live\Messenger\MsnMsgr         .Exe
    ----a-w         5,724,184 2008-01-08 03:11:18  C:\Program Files\Windows Live\Messenger\MsnMsgr        .Exe
    ----a-w         5,724,184 2008-01-08 03:11:19  C:\Program Files\Windows Live\Messenger\MsnMsgr       .Exe
    ----a-w         5,724,184 2008-01-08 03:11:21  C:\Program Files\Windows Live\Messenger\MsnMsgr      .Exe
    ----a-w         5,724,184 2008-01-08 03:11:22  C:\Program Files\Windows Live\Messenger\MsnMsgr     .Exe
    ----a-w         5,724,184 2008-01-08 03:11:24  C:\Program Files\Windows Live\Messenger\MsnMsgr    .Exe
    ----a-w         5,724,184 2008-01-08 03:11:25  C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe
    ----a-w         5,724,184 2008-01-08 03:11:27  C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe
    ----a-w         5,724,184 2008-01-08 03:11:28  C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w            15,360 2008-01-10 20:41:09  C:\WINDOWS\system32\ctfmon .exe
    </pre>

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{539B6280-D0AB-4BA9-8D41-A89298C45C93}]
    2008-01-10 15:52 344576 --a------ C:\WINDOWS\system32\sstqr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7a6ea47-45ae-4d76-ba2f-05339b6d4f39}]
    C:\WINDOWS\system32\flnthpcw.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-07 21:27 15360]
    "coalpoll"="C:\DOCUME~1\NICKNA~1\APPLIC~1\KINDDV~1\VcGrid.exe" [ ]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [ ]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro .exe" [2008-01-10 15:53 2463744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
    "Amazing3DAquariumWallpaper"="" []
    "EleFunAnimatedWallpaper"="C:\Program Files\EleFun Multimedia\Silent Lagoon Wallpaper\Silent Lagoon.exe" [ ]
    "FlashGet"="C:\Program Files\FlashGet\FlashGet.exe" [ ]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
    "MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2008-01-10 15:53 2895872]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [ ]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-26 11:13 8466432]
    "nwiz"="nwiz.exe" [2007-07-26 11:13 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-26 11:13 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
    "6c8b1c13"="C:\WINDOWS\system32\ejromsxm.dll" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [ ]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-10 06:00 53760 C:\WINDOWS\system32\narrator.exe]

    C:\Documents and Settings\nick napolitano\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-10-13 22:02:53]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 21:19:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\sstqr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\sstqr

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
    C:\Program Files\BearShare\BearShare.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    --a--c--- 2005-12-30 16:42 61440 c:\dell\bldbubg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a--c--- 2008-01-09 20:08 332800 C:\Program Files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2005-12-30 17:09 168448 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    --a------ 2005-06-17 08:56 139264 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    --a------ 2007-08-18 03:12 394576 C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-07-26 11:13 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
    --a------ 2004-11-11 11:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-07 22:08 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-12-30 17:01 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a--c--- 2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-10 20:00:00 C:\WINDOWS\Tasks\A20243CE9185C0A2.job"
    - c:\docume~1\nickna~1\applic~1\kinddv~1\grim fork bind.exe
    "2008-01-03 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-10 20:55:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-02-14 14:00:54 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-12-01 06:00:14 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-10 15:52:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    -> C:\Program Files\Unlocker\UnlockerHook.dll
    -> C:\WINDOWS\system32\sstqr.dll
    .
    Completion time: 2008-01-10 15:57:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-10 20:57:11
    .
    2008-01-09 20:15:11 --- E O F ---

    And the Hijackthis log-

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:59:51 PM, on 1/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Unlocker\UnlockerAssistant .exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chucknorris.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: (no name) - <default> - (no file)
    F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqr.exe
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Program Files\EleFun Multimedia\Silent Lagoon Wallpaper\Silent Lagoon.exe"
    O4 - HKLM\..\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
    O4 - HKLM\..\Run: [6c8b1c13] rundll32.exe "C:\WINDOWS\system32\ejromsxm.dll",b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [coalpoll] C:\DOCUME~1\NICKNA~1\APPLIC~1\KINDDV~1\VcGrid.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro .exe -rem
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [coalpoll] C:\DOCUME~1\NICKNA~1\APPLIC~1\KINDDV~1\VcGrid.exe (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro .exe -rem (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-2478699818-2032293987-2452194089-1005 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - S-1-5-21-2478699818-2032293987-2452194089-1005 Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 10837 bytes

    Thank you all in advance

    Also I'd like to add that during reboot it says I'm missing some dll files and a few others in system32. Just wanted to let you guys know.
    Thank you!
    Last edited by Sagemaster44; 10-01-2008 at 10:26 PM.

  5. #5
    Neal is offline Dedicated Member
    Uninstall BearShare from add/remove program if present!!


    This particular version of Vundo is a nasty one. In the next run of combofix, we will attempt to replace the infected files that showed up in the Code box. This may not work completely, so you may have to re-install some programmes.

    You also have a LOP infection as well as the serious Vundo infection!!

    Try not to reboot your computer any more than needed please!!



    Open Notepad (must be Notepad) and copy/paste the text in the quotebox below into it: NOT THE WORD QUOTE


    File::
    C:\WINDOWS\system32\sstqr.exe
    C:\WINDOWS\system32\sstqr.dll
    C:\WINDOWS\system32\RENAB.tmp
    C:\WINDOWS\system32\RENAA.tmp
    C:\WINDOWS\system32\RENA9.tmp
    C:\WINDOWS\system32\ejromsxm.dll
    C:\WINDOWS\Tasks\A20243CE9185C0A2.job

    Folder::
    C:\Program Files\Zango Programs
    c:\docume~1\nickna~1\applic~1\kinddv~1
    C:\VundoFix Backups
    C:\Program Files\BearShare

    Renv::
    ----a-w 2,463,744 2008-01-10 20:53:07 C:\Program Files\Advanced Registry Optimizer\aro .exe
    ----a-w 128,000 2008-01-06 14:35:03 C:\Program Files\CursorXP\CursorXP .exe
    ----a-w 68,856 2008-01-07 19:44:14 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 579,072 2008-01-09 03:25:51 C:\Program Files\Grisoft\AVG7\avgcc .exe
    ----a-w 219,136 2008-01-09 01:30:27 C:\Program Files\Grisoft\AVG7\avgw .exe
    ----a-w 256,576 2008-01-09 00:04:54 C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w 20,480 2008-01-10 20:40:56 C:\Program Files\McAfee\MBK\LogOnHook .exe
    ----a-w 4,838,952 2008-01-10 20:41:05 C:\Program Files\McAfee\MBK\McAfeeDataBackup .exe
    ----a-w 1,279,336 2008-01-09 03:25:30 C:\Program Files\McAfee\MWL\MWLGui .exe
    ----a-w 582,992 2008-01-10 20:40:56 C:\Program Files\McAfee.com\Agent\mcagent .exe
    ----a-w 286,720 2008-01-09 03:28:19 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:42 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:42 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:43 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:43 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:44 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:44 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 286,720 2008-01-08 03:08:44 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 36,640 2008-01-09 04:28:54 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
    ----a-w 365,568 2008-01-10 20:40:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
    ----a-w 365,568 2008-01-10 20:27:22 C:\Program Files\Unlocker\UnlockerAssistant .exe
    ----a-w 365,568 2008-01-10 19:45:30 C:\Program Files\Unlocker\UnlockerAssistant .exe
    ----a-w 15,872 2008-01-10 00:41:34 C:\Program Files\Unlocker\UnlockerAssistant .exe
    ----a-w 15,872 2008-01-10 01:16:11 C:\Program Files\Unlocker\UnlockerAssistant .exe
    ----a-w 3,256,320 2008-01-09 01:30:39 C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
    ----a-w 5,724,184 2008-01-09 01:33:09 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-09 00:48:21 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 23:21:43 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 22:04:49 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 02:27:58 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:07 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:08 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:10 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:14 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:15 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:17 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:18 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:19 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:21 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:22 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:24 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:25 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:27 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,724,184 2008-01-08 03:11:28 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 15,360 2008-01-10 20:41:09 C:\WINDOWS\system32\ctfmon .exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{539B6280-D0AB-4BA9-8D41-A89298C45C93}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7a6ea47-45ae-4d76-ba2f-05339b6d4f39}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "coalpoll"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BearShare"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "6c8b1c13"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]


    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Last edited by Neal; 11-01-2008 at 08:57 PM.
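Every Renv:: entry in the post above has whitespace between the file's base name and its extension. As an added example (not part of Neal's post and not ComboFix's own logic), the Python below picks such padded names out of listing lines in that format and groups them by the name they shadow; the function names and the sample lines are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the style of the listing above:
# attributes, size, date, time, full path. The last line is a clean
# file name added as a negative case.
SAMPLE = r"""
----a-w 286,720 2008-01-09 03:28:19 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-08 03:08:42 C:\Program Files\QuickTime\QTTask   .exe
----a-w 365,568 2008-01-10 20:40:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 15,872 2008-01-10 00:41:34 C:\Program Files\Unlocker\UnlockerAssistant  .exe
----a-w 5,724,184 2008-01-09 01:33:09 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
----a-w 15,360 2008-01-10 20:41:09 C:\WINDOWS\system32\ctfmon .exe
----a-w 20,480 2007-11-13 10:25:00 C:\WINDOWS\system32\drivers\secdrv.sys
"""

# One listing line: attribute flags, size with thousands separators,
# date, time, then an absolute Windows path that may contain spaces.
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]{7,9})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# A file name whose extension is separated from the stem by whitespace,
# e.g. "QTTask   .exe". "My Document.exe" does not match.
PADDED_RE = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]{1,4})$")


def parse_listing(text):
    """Yield one dict per well-formed listing line; skip everything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        yield {
            "size": int(m["size"].replace(",", "")),
            "stamp": f"{m['date']} {m['time']}",
            "path": m["path"],
        }


def padded_name(path):
    """Return (path_without_padding, pad_width) for a padded name, else None."""
    folder, name = ntpath.split(path)
    m = PADDED_RE.match(name)
    if m is None:
        return None
    return ntpath.join(folder, m["stem"] + m["ext"]), len(m["pad"])


def group_padded(text):
    """Group padded files by the unpadded path they sit next to.

    Keys are lower-cased because Windows paths are case-insensitive.
    Differing sizes under one key mean the copies are not all identical.
    """
    groups = defaultdict(lambda: {"copies": 0, "sizes": set(), "max_pad": 0, "latest": ""})
    for entry in parse_listing(text):
        hit = padded_name(entry["path"])
        if hit is None:
            continue
        target, pad = hit
        g = groups[target.lower()]
        g["copies"] += 1
        g["sizes"].add(entry["size"])
        g["max_pad"] = max(g["max_pad"], pad)
        g["latest"] = max(g["latest"], entry["stamp"])
    # Sets become sorted lists so the result is stable and printable.
    return {k: {**v, "sizes": sorted(v["sizes"])} for k, v in groups.items()}


if __name__ == "__main__":
    for target, info in sorted(group_padded(SAMPLE).items()):
        print(f"{target}: {info['copies']} padded copies, "
              f"sizes {info['sizes']}, latest {info['latest']}")
```

Run against a saved log, the grouping shows at a glance which legitimate program names have padded copies beside them and whether those copies differ in size.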

  6. #6
    Sagemaster44 is offline Junior Member
    Question: is that punk head supposed to be in the script? Also, I will update the latest logs as soon as possible. I am in school right now, so I will have them for you shortly. Also, I will not deviate from any of your instructions.

  7. #7
    Neal is offline Dedicated Member
    I don't think you will have to worry about that, I did not put it there and not sure how to get rid of it.

    I will check into it and see if there is a way to prevent that from happening, for now just follow instructions please.

  8. #8
    Sagemaster44 is offline Junior Member
    Will do. Logs will be posted within the hour.
    Thanks a ton

  9. #9
    Sagemaster44 is offline Junior Member
    OK, done with both logs. Here they are, first the ComboFix one:

    ComboFix 08-01-09.2 - nick napolitano 2008-01-11 15:30:33.2 - NTFSx86

    Running from: C:\Documents and Settings\nick napolitano\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\nick napolitano\Desktop\CFScript.txt

    FILE
    C:\WINDOWS\system32\ejromsxm.dll
    C:\WINDOWS\system32\RENA9.tmp
    C:\WINDOWS\system32\RENAA.tmp
    C:\WINDOWS\system32\RENAB.tmp
    C:\WINDOWS\system32\sstqr.dll
    C:\WINDOWS\system32\sstqr.exe
    C:\WINDOWS\Tasks\A20243CE9185C0A2.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\nickna~1\applic~1\kinddv~1
    c:\docume~1\nickna~1\applic~1\kinddv~1\0
    c:\docume~1\nickna~1\applic~1\kinddv~1\1980B86D
    C:\Program Files\Zango Programs
    C:\VundoFix Backups
    C:\VundoFix Backups\addmorefiles.txt
    C:\VundoFix Backups\rqtss.ini.bad
    C:\VundoFix Backups\rqtss.ini2.bad
    C:\VundoFix Backups\sstqr.dll.bad
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\RENA9.tmp
    C:\WINDOWS\system32\RENAA.tmp
    C:\WINDOWS\system32\RENAB.tmp
    C:\WINDOWS\system32\rqtss.ini
    C:\WINDOWS\system32\rqtss.ini2
    C:\WINDOWS\system32\sstqr.dll
    C:\WINDOWS\Tasks\A20243CE9185C0A2.job

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
    .

    2008-01-11 15:18 . 2008-01-11 15:18 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2008-01-10 15:58 . 2008-01-10 15:58 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-10 15:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-09 19:59 . 2008-01-11 15:30 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
    2008-01-09 19:59 . 2008-01-09 19:59 <DIR> d-------- C:\Documents and Settings\nick napolitano\Application Data\Sammsoft
    2008-01-09 18:42 . 2008-01-09 18:42 <DIR> d----c--- C:\bintheredunthat
    2008-01-09 18:22 . 2008-01-09 18:24 <DIR> d----c--- C:\BFU
    2008-01-09 18:13 . 2008-01-09 18:13 <DIR> d-------- C:\Documents and Settings\nick napolitano\Application Data\Grisoft
    2008-01-09 18:13 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-09 15:24 . 2008-01-09 17:55 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-08 23:00 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
    2008-01-08 20:25 . 2008-01-08 20:40 <DIR> d-------- C:\Documents and Settings\nick napolitano\Application Data\AVG7
    2008-01-08 20:25 . 2008-01-08 20:25 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-08 20:25 . 2008-01-08 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-08 20:25 . 2008-01-08 20:37 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-03 18:27 . 2007-12-15 06:48 90,112 --a------ C:\WINDOWS\system32\XCoreLib.dll
    2007-12-29 16:00 . 2008-01-11 15:11 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
    2007-12-29 16:00 . 2008-01-11 15:11 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
    2007-12-23 01:15 . 2008-01-11 15:30 <DIR> d-------- C:\Program Files\QuickTime
    2007-12-23 01:14 . 2007-12-23 01:14 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-12-23 01:14 . 2007-12-23 01:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-12 15:28 . 2007-12-12 15:28 <DIR> d-------- C:\Program Files\Bethesda Softworks
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-11 20:30 --------- d-----w C:\Program Files\iTunes
    2008-01-11 20:30 --------- d-----w C:\Program Files\CursorXP
    2008-01-11 20:28 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\SiteAdvisor
    2008-01-11 20:18 --------- d-----w C:\Program Files\McAfee
    2008-01-10 00:13 --------- d-----w C:\Program Files\Dell Support
    2007-12-30 04:30 --------- d-----w C:\Program Files\SwiftSwitch
    2007-12-26 19:54 --------- d-----w C:\Program Files\SCAR 3.12
    2007-12-23 02:49 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
    2007-12-19 03:02 --------- d-----w C:\Program Files\SiteAdvisor
    2007-12-12 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-05 13:54 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-12-03 21:39 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-03 21:38 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-12-03 21:38 --------- d-----w C:\Program Files\Windows Live
    2007-12-03 21:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2007-12-03 21:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-25 03:07 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\InstallShield Installation Information
    2007-11-25 02:52 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-11-25 00:57 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\uTorrent
    2007-11-23 22:05 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\Webroot
    2007-11-23 22:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\Geek Squad
    2007-11-20 21:35 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-20 21:35 --------- d-----w C:\Program Files\Common Files\AOL
    2007-11-18 22:42 --------- d-----w C:\Program Files\Yahoo!
    2007-11-18 22:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-11-18 22:41 --------- d--h--r C:\Documents and Settings\nick napolitano\Application Data\yahoo!
    2007-11-18 22:38 --------- d-----w C:\Program Files\Stardock
    2007-11-18 22:38 --------- d-----w C:\Program Files\MUSICMATCH
    2007-11-18 22:38 --------- d-----w C:\Program Files\Common Files\Stardock
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 21:34 --------- d-----w C:\Documents and Settings\nick napolitano\Application Data\mIRC
    2007-04-07 01:56 13,195 ----a-w C:\Documents and Settings\nick napolitano\zguicfgw.dat
    2006-08-19 00:18 40 ----a-w C:\Documents and Settings\nick napolitano\language.dat
    .
    Code:
    <pre>
    ----a-w            68,856 2008-01-07 19:44:14  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w           286,720 2008-01-09 03:28:19  C:\Program Files\QuickTime\QTTask        .exe
    ----a-w           286,720 2008-01-08 03:08:42  C:\Program Files\QuickTime\QTTask       .exe
    ----a-w           286,720 2008-01-08 03:08:42  C:\Program Files\QuickTime\QTTask      .exe
    ----a-w           286,720 2008-01-08 03:08:43  C:\Program Files\QuickTime\QTTask     .exe
    ----a-w           286,720 2008-01-08 03:08:43  C:\Program Files\QuickTime\QTTask    .exe
    ----a-w           286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask   .exe
    ----a-w           286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask  .exe
    ----a-w           365,568 2008-01-10 20:40:43  C:\Program Files\Unlocker\UnlockerAssistant     .exe
    ----a-w           365,568 2008-01-10 20:27:22  C:\Program Files\Unlocker\UnlockerAssistant    .exe
    ----a-w           365,568 2008-01-10 19:45:30  C:\Program Files\Unlocker\UnlockerAssistant   .exe
    ----a-w            15,872 2008-01-10 00:41:34  C:\Program Files\Unlocker\UnlockerAssistant  .exe
    ----a-w         5,724,184 2008-01-09 01:33:09  C:\Program Files\Windows Live\Messenger\MsnMsgr                   .Exe
    ----a-w         5,724,184 2008-01-09 00:48:21  C:\Program Files\Windows Live\Messenger\MsnMsgr                  .Exe
    ----a-w         5,724,184 2008-01-08 23:21:43  C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
    ----a-w         5,724,184 2008-01-08 22:04:49  C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe
    ----a-w         5,724,184 2008-01-08 02:27:58  C:\Program Files\Windows Live\Messenger\MsnMsgr               .Exe
    ----a-w         5,724,184 2008-01-08 03:11:07  C:\Program Files\Windows Live\Messenger\MsnMsgr              .Exe
    ----a-w         5,724,184 2008-01-08 03:11:08  C:\Program Files\Windows Live\Messenger\MsnMsgr             .Exe
    ----a-w         5,724,184 2008-01-08 03:11:10  C:\Program Files\Windows Live\Messenger\MsnMsgr            .Exe
    ----a-w         5,724,184 2008-01-08 03:11:14  C:\Program Files\Windows Live\Messenger\MsnMsgr           .Exe
    ----a-w         5,724,184 2008-01-08 03:11:15  C:\Program Files\Windows Live\Messenger\MsnMsgr          .Exe
    ----a-w         5,724,184 2008-01-08 03:11:17  C:\Program Files\Windows Live\Messenger\MsnMsgr         .Exe
    ----a-w         5,724,184 2008-01-08 03:11:18  C:\Program Files\Windows Live\Messenger\MsnMsgr        .Exe
    ----a-w         5,724,184 2008-01-08 03:11:19  C:\Program Files\Windows Live\Messenger\MsnMsgr       .Exe
    ----a-w         5,724,184 2008-01-08 03:11:21  C:\Program Files\Windows Live\Messenger\MsnMsgr      .Exe
    ----a-w         5,724,184 2008-01-08 03:11:22  C:\Program Files\Windows Live\Messenger\MsnMsgr     .Exe
    ----a-w         5,724,184 2008-01-08 03:11:24  C:\Program Files\Windows Live\Messenger\MsnMsgr    .Exe
    ----a-w         5,724,184 2008-01-08 03:11:25  C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe
    ----a-w         5,724,184 2008-01-08 03:11:27  C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe
    </pre>

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [ ]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr .exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-11 15:11 15360]
    "coalpoll"="C:\DOCUME~1\NICKNA~1\APPLIC~1\KINDDV~1\VcGrid.exe" [ ]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [ ]
    "AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-01-11 15:11 2084480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
    "Amazing3DAquariumWallpaper"="" []
    "EleFunAnimatedWallpaper"="C:\Program Files\EleFun Multimedia\Silent Lagoon Wallpaper\Silent Lagoon.exe" [ ]
    "FlashGet"="C:\Program Files\FlashGet\FlashGet.exe" [ ]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
    "MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [ ]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-10 15:40 582992]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [ ]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-26 11:13 8466432]
    "nwiz"="nwiz.exe" [2007-07-26 11:13 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2007-07-26 11:13 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
    "6c8b1c13"="C:\WINDOWS\system32\ejromsxm.dll" [ ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [ ]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant .exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2004-08-10 06:00 53760 C:\WINDOWS\system32\narrator.exe]

    C:\Documents and Settings\nick napolitano\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-10-13 22:02:53]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-07-29 21:19:14]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
    --a--c--- 2005-12-30 16:42 61440 c:\dell\bldbubg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a--c--- 2008-01-09 20:08 332800 C:\Program Files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    --a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2005-12-30 17:09 168448 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    --a------ 2005-06-17 08:56 139264 C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    --a------ 2008-01-10 15:40 582992 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    --a------ 2007-08-18 03:12 394576 C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-07-26 11:13 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
    C:\Program Files\McAfee.com\VSO\oasclnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]
    --a------ 2004-11-11 11:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-07 22:08 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2005-12-30 17:01 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    --a--c--- 2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
    C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    *Newly Created Service* - 0109651200082789MCINSTCLEANUP
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-03 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-10 21:53:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-02-14 14:00:54 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-12-01 06:00:14 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-11 15:37:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
    -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
    .
    Completion time: 2008-01-11 15:41:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-11 20:41:01
    ComboFix2.txt 2008-01-10 20:57:16
    .
    2008-01-09 20:15:11 --- E O F ---

    And now the latest HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:42:04 PM, on 1/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chucknorris.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (file missing)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Program Files\EleFun Multimedia\Silent Lagoon Wallpaper\Silent Lagoon.exe"
    O4 - HKLM\..\Run: [FlashGet] C:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
    O4 - HKLM\..\Run: [6c8b1c13] rundll32.exe "C:\WINDOWS\system32\ejromsxm.dll",b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [coalpoll] C:\DOCUME~1\NICKNA~1\APPLIC~1\KINDDV~1\VcGrid.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [coalpoll] C:\DOCUME~1\NICKNA~1\APPLIC~1\KINDDV~1\VcGrid.exe (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide (User '?')
    O4 - HKUS\S-1-5-21-2478699818-2032293987-2452194089-1005\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-2478699818-2032293987-2452194089-1005 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
    O4 - S-1-5-21-2478699818-2032293987-2452194089-1005 Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (User '?')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: McAfee Application Installer Cleanup (0109651200082789) (0109651200082789mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\010965~1.EXE (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 12147 bytes


    There are both of them. I didn't have BearShare installed, but I searched, found folders that were there, and deleted them.
    Thanks a ton for the help!

  10. #10
    Neal is offline Dedicated Member
    Let's try this again, didn't work first time, part of it didn't anyway.


    Open Notepad (must be Notepad) and copy/paste the text in the quotebox below into it (NOT THE WORD CODE):


    Code:
    RenV::
    ----a-w 68,856 2008-01-07 19:44:14  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 286,720 2008-01-09 03:28:19  C:\Program Files\QuickTime\QTTask        .exe
    ----a-w 286,720 2008-01-08 03:08:42  C:\Program Files\QuickTime\QTTask       .exe
    ----a-w 286,720 2008-01-08 03:08:42  C:\Program Files\QuickTime\QTTask      .exe
    ----a-w 286,720 2008-01-08 03:08:43  C:\Program Files\QuickTime\QTTask     .exe
    ----a-w 286,720 2008-01-08 03:08:43  C:\Program Files\QuickTime\QTTask    .exe
    ----a-w 286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask   .exe
    ----a-w 286,720 2008-01-08 03:08:44  C:\Program Files\QuickTime\QTTask  .exe
    ----a-w 365,568 2008-01-10 20:40:43  C:\Program Files\Unlocker\UnlockerAssistant     .exe
    ----a-w 365,568 2008-01-10 20:27:22  C:\Program Files\Unlocker\UnlockerAssistant    .exe
    ----a-w 365,568 2008-01-10 19:45:30  C:\Program Files\Unlocker\UnlockerAssistant   .exe
    ----a-w 15,872 2008-01-10 00:41:34  C:\Program Files\Unlocker\UnlockerAssistant  .exe
    ----a-w 5,724,184 2008-01-09 01:33:09  C:\Program Files\Windows Live\Messenger\MsnMsgr                   .Exe
    ----a-w 5,724,184 2008-01-09 00:48:21  C:\Program Files\Windows Live\Messenger\MsnMsgr                  .Exe
    ----a-w 5,724,184 2008-01-08 23:21:43  C:\Program Files\Windows Live\Messenger\MsnMsgr                 .Exe
    ----a-w 5,724,184 2008-01-08 22:04:49  C:\Program Files\Windows Live\Messenger\MsnMsgr                .Exe
    ----a-w 5,724,184 2008-01-08 02:27:58  C:\Program Files\Windows Live\Messenger\MsnMsgr               .Exe
    ----a-w 5,724,184 2008-01-08 03:11:07  C:\Program Files\Windows Live\Messenger\MsnMsgr              .Exe
    ----a-w 5,724,184 2008-01-08 03:11:08  C:\Program Files\Windows Live\Messenger\MsnMsgr             .Exe
    ----a-w 5,724,184 2008-01-08 03:11:10  C:\Program Files\Windows Live\Messenger\MsnMsgr            .Exe
    ----a-w 5,724,184 2008-01-08 03:11:14  C:\Program Files\Windows Live\Messenger\MsnMsgr           .Exe
    ----a-w 5,724,184 2008-01-08 03:11:15  C:\Program Files\Windows Live\Messenger\MsnMsgr          .Exe
    ----a-w 5,724,184 2008-01-08 03:11:17  C:\Program Files\Windows Live\Messenger\MsnMsgr         .Exe
    ----a-w 5,724,184 2008-01-08 03:11:18  C:\Program Files\Windows Live\Messenger\MsnMsgr        .Exe
    ----a-w 5,724,184 2008-01-08 03:11:19  C:\Program Files\Windows Live\Messenger\MsnMsgr       .Exe
    ----a-w 5,724,184 2008-01-08 03:11:21  C:\Program Files\Windows Live\Messenger\MsnMsgr      .Exe
    ----a-w 5,724,184 2008-01-08 03:11:22  C:\Program Files\Windows Live\Messenger\MsnMsgr     .Exe
    ----a-w 5,724,184 2008-01-08 03:11:24  C:\Program Files\Windows Live\Messenger\MsnMsgr    .Exe
    ----a-w 5,724,184 2008-01-08 03:11:25  C:\Program Files\Windows Live\Messenger\MsnMsgr   .Exe
    ----a-w 5,724,184 2008-01-08 03:11:27  C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
