Log Help [INACTIVE]


Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Also, do not bump your topics, as it looks like someone is already helping you. We look for topics with 0 replies.

Step 1

Download Deckard's System Scanner (DSS) to your Desktop.

  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

I am having the same problem... please see my files below:

Main.txt

Deckard's System Scanner v20070905.67

Run by colleen on 2007-10-14 00:23:34

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

91: 2007-10-14 04:23:45 UTC - RP137 - Deckard's System Scanner Restore Point

90: 2007-10-11 17:35:53 UTC - RP136 - Software Distribution Service 3.0

89: 2007-10-10 00:57:09 UTC - RP135 - System Checkpoint

88: 2007-10-08 08:39:29 UTC - RP134 - System Checkpoint

87: 2007-10-06 21:06:28 UTC - RP133 - System Checkpoint

-- First Restore Point --

1: 2007-07-20 07:01:28 UTC - RP47 - Software Distribution Service 3.0

Backed up registry hives.

Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-10-14 00:35:12

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\LogMeIn\x86\ramaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Video Add-on\isfmntr.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Documents and Settings\colleen\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: H - {040FA520-78C6-41ce-81D0-9E733ABC1A29} - C:\WINDOWS\system32\comi.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: XML Helper - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B45FC20D-6906-4E72-AA59-392CC61FDAA9} - C:\WINDOWS\system32\reginix86b.dll

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Video Add-on\isfmdl.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll

O4 - HKEY_LOCAL_MACHINE\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\winrnr.dll

O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\mswsock.dll

O15 - Trusted Zone: http://www.pandora.com (HKCU)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () - http://fpdownload.macromedia.com/pub/shock...director/sw.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...erInstaller.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-384dc90fd38b7580.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab

O16 - DPF: {FDD6CEF8-3C6E-42E0-BC7B-D730085CFABC} (Jaxtr Outlook Importer) - http://jaxtr.com/user/activex/JaxtrOutlookImporter.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll

O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll

O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll

O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll

O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: sclgntfy - C:\WINDOWS\system32\sclgntfy.dll

O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll

O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll

O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: designers - {f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5} - C:\WINDOWS\system32\sttwrd.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"

O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe -service

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 mchInjDrv (madCodeHook DLL injection driver) - c:\windows\system32\drivers\mchinjdrv.sys

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>

R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

R3 ialm - c:\windows\system32\drivers\ialmnt5.sys <Not Verified; Intel Corporation; Intel Graphics Accelerator Drivers for Windows NT®>

R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>

S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys

S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>

S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>

S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 dlcc_device - c:\windows\system32\dlcccoms.exe -service <Not Verified; ; Printer Communication System>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-10-14 00:00:01 350 --a------ C:\WINDOWS\Tasks\At49.job

2007-10-14 00:00:00 350 --a------ C:\WINDOWS\Tasks\At25.job

2007-10-14 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job

2007-10-13 23:00:00 350 --a------ C:\WINDOWS\Tasks\At72.job

2007-10-13 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job

2007-10-13 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job

2007-10-13 22:00:00 350 --a------ C:\WINDOWS\Tasks\At71.job

2007-10-13 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job

2007-10-13 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job

2007-10-13 21:00:05 350 --a------ C:\WINDOWS\Tasks\At70.job

2007-10-13 21:00:05 350 --a------ C:\WINDOWS\Tasks\At46.job

2007-10-13 21:00:04 350 --a------ C:\WINDOWS\Tasks\At22.job

2007-10-13 20:00:03 350 --a------ C:\WINDOWS\Tasks\At69.job

2007-10-13 20:00:03 350 --a------ C:\WINDOWS\Tasks\At45.job

2007-10-13 20:00:02 350 --a------ C:\WINDOWS\Tasks\At21.job

2007-10-13 19:00:02 350 --a------ C:\WINDOWS\Tasks\At68.job

2007-10-13 19:00:01 350 --a------ C:\WINDOWS\Tasks\At44.job

2007-10-13 19:00:01 350 --a------ C:\WINDOWS\Tasks\At20.job

2007-10-13 18:00:02 350 --a------ C:\WINDOWS\Tasks\At67.job

2007-10-13 18:00:02 350 --a------ C:\WINDOWS\Tasks\At43.job

2007-10-13 18:00:01 350 --a------ C:\WINDOWS\Tasks\At19.job

2007-10-13 17:00:11 350 --a------ C:\WINDOWS\Tasks\At66.job

2007-10-13 17:00:11 350 --a------ C:\WINDOWS\Tasks\At42.job

2007-10-13 17:00:09 350 --a------ C:\WINDOWS\Tasks\At18.job

2007-10-13 16:00:02 350 --a------ C:\WINDOWS\Tasks\At65.job

2007-10-13 16:00:01 350 --a------ C:\WINDOWS\Tasks\At41.job

2007-10-13 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job

2007-10-13 15:00:00 350 --a------ C:\WINDOWS\Tasks\At64.job

2007-10-13 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job

2007-10-13 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job

2007-10-13 14:00:00 350 --a------ C:\WINDOWS\Tasks\At63.job

2007-10-13 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job

2007-10-13 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job

2007-10-13 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job

2007-10-13 06:00:00 350 --a------ C:\WINDOWS\Tasks\At55.job

2007-10-13 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job

2007-10-13 05:00:01 350 --a------ C:\WINDOWS\Tasks\At6.job

2007-10-13 05:00:00 350 --a------ C:\WINDOWS\Tasks\At54.job

2007-10-13 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job

2007-10-13 04:00:13 350 --a------ C:\WINDOWS\Tasks\At53.job

2007-10-13 04:00:11 350 --a------ C:\WINDOWS\Tasks\At5.job

2007-10-13 04:00:08 350 --a------ C:\WINDOWS\Tasks\At29.job

2007-10-13 03:00:05 350 --a------ C:\WINDOWS\Tasks\At52.job

2007-10-13 03:00:05 350 --a------ C:\WINDOWS\Tasks\At4.job

2007-10-13 03:00:04 350 --a------ C:\WINDOWS\Tasks\At28.job

2007-10-13 02:00:01 350 --a------ C:\WINDOWS\Tasks\At51.job

2007-10-13 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job

2007-10-13 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job

2007-10-13 01:00:03 350 --a------ C:\WINDOWS\Tasks\At50.job

2007-10-13 01:00:02 350 --a------ C:\WINDOWS\Tasks\At26.job

2007-10-13 01:00:02 350 --a------ C:\WINDOWS\Tasks\At2.job

2007-10-13 00:01:40 568 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - colleen.job

2007-10-12 17:34:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2007-10-10 13:00:00 350 --a------ C:\WINDOWS\Tasks\At62.job

2007-10-10 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job

2007-10-10 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job

2007-10-10 12:00:00 350 --a------ C:\WINDOWS\Tasks\At61.job

2007-10-10 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job

2007-10-10 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job

2007-10-10 09:00:01 350 --a------ C:\WINDOWS\Tasks\At58.job

2007-10-10 09:00:01 350 --a------ C:\WINDOWS\Tasks\At34.job

2007-10-10 09:00:01 350 --a------ C:\WINDOWS\Tasks\At10.job

2007-10-10 08:00:02 350 --a------ C:\WINDOWS\Tasks\At9.job

2007-10-10 08:00:02 350 --a------ C:\WINDOWS\Tasks\At57.job

2007-10-10 08:00:01 350 --a------ C:\WINDOWS\Tasks\At33.job

2007-10-10 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job

2007-10-10 07:00:00 350 --a------ C:\WINDOWS\Tasks\At56.job

2007-10-10 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job

2007-10-08 11:00:00 350 --a------ C:\WINDOWS\Tasks\At60.job

2007-10-08 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job

2007-10-08 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job

2007-10-02 10:00:03 350 --a------ C:\WINDOWS\Tasks\At59.job

2007-10-02 10:00:02 350 --a------ C:\WINDOWS\Tasks\At35.job

2007-10-02 10:00:02 350 --a------ C:\WINDOWS\Tasks\At11.job

2007-09-23 09:00:01 386 --a------ C:\WINDOWS\Tasks\rpc.job

-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-13 18:03:05 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-13 18:01:35 0 d-------- C:\Program Files\Video Add-on

2007-09-30 14:57:53 0 d-------- C:\Documents and Settings\TT\Contacts

2007-09-26 18:52:32 0 d-------- C:\WINDOWS\VirtualEar

2007-09-26 18:52:32 65536 --a------ C:\WINDOWS\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>

2007-09-26 18:52:31 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>

2007-09-26 18:52:30 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>

2007-09-26 18:35:42 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Templates

2007-09-26 18:35:42 0 dr------- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Start Menu

2007-09-26 18:35:42 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\SendTo

2007-09-26 18:35:42 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Recent

2007-09-26 18:35:42 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\PrintHood

2007-09-26 18:35:42 262144 --ah----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\NTUSER.DAT

2007-09-26 18:35:42 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\NetHood

2007-09-26 18:35:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\My Documents

2007-09-26 18:35:42 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Local Settings

2007-09-26 18:35:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Favorites

2007-09-26 18:35:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Desktop

2007-09-26 18:35:42 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Cookies

2007-09-26 18:35:42 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Application Data

2007-09-26 18:35:42 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser.COLLEEN-47668B4\Application Data\Microsoft

2007-09-26 18:32:07 0 d-------- C:\Program Files\LogMeIn

2007-09-26 11:09:45 0 d-------- C:\Documents and Settings\colleen\Application Data\Apple Computer

2007-09-26 11:00:09 0 d-------- C:\Program Files\Common Files\Apple

2007-09-26 10:42:26 0 d-------- C:\Program Files\Apple Software Update

2007-09-26 10:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

2007-09-26 10:32:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-09-23 19:05:59 0 d-------- C:\Program Files\MSN Messenger

2007-09-20 03:03:03 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-09-18 21:32:27 0 d-------- C:\Documents and Settings\colleen\Contacts

2007-09-18 21:29:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

2007-09-18 21:26:00 0 d-------- C:\Program Files\Windows Live Toolbar

2007-09-18 21:22:31 0 d------c- C:\WINDOWS\system32\DRVSTORE

2007-09-16 20:11:05 0 d-------- C:\Documents and Settings\colleen\Application Data\MSNInstaller

2007-09-15 10:17:54 0 --a------ C:\WINDOWS\nsreg.dat

2007-09-15 10:17:07 0 d-------- C:\Documents and Settings\TT\Application Data\Mozilla

2007-09-14 14:08:26 0 d--hs---- C:\found.001

-- Find3M Report ---------------------------------------------------------------

2007-10-14 00:24:37 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-10-11 13:55:43 12800 --a-s---- C:\WINDOWS\system32\sttwrd.dll

2007-09-30 17:26:52 0 d-------- C:\Program Files\MySpace

2007-09-26 18:52:31 0 d-------- C:\Program Files\Analog Devices

2007-09-26 15:50:09 0 d-------- C:\Program Files\Real

2007-09-26 11:00:09 0 d-------- C:\Program Files\Common Files

2007-09-22 22:32:57 0 d-------- C:\Program Files\Common Files\Real

2007-09-22 22:32:04 0 d-------- C:\Documents and Settings\colleen\Application Data\Real

2007-09-21 20:34:24 0 d-------- C:\Program Files\poolsv

2007-09-18 13:35:51 0 d-------- C:\Program Files\Symantec

2007-09-13 14:02:29 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-09-10 19:29:14 0 d-------- C:\Program Files\Yahoo!

2007-09-10 19:10:13 0 d-------- C:\Documents and Settings\colleen\Application Data\Yahoo!

2007-09-08 02:42:15 0 d-------- C:\Program Files\Google

2007-09-01 22:54:44 0 d-------- C:\Documents and Settings\colleen\Application Data\Google

2007-08-25 05:31:53 0 d-------- C:\Program Files\Modem Helper

2007-08-21 02:15:44 683520 --a------ C:\WINDOWS\system32\inetcomm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2007-07-29 07:03:54 1156 --a------ C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{040FA520-78C6-41ce-81D0-9E733ABC1A29}]

C:\WINDOWS\system32\comi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]

C:\WINDOWS\xhelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B45FC20D-6906-4E72-AA59-392CC61FDAA9}]

07/05/2003 11:54 PM 152064 --a------ C:\WINDOWS\system32\reginix86b.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFE15135-C591-4000-A55E-A50E5F9F82BC}]

10/14/2007 12:22 AM 11776 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 06:30 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"start"=C:\Program Files\Video Add-on\isfmntr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5}"= C:\WINDOWS\system32\sttwrd.dll [10/11/2007 01:55 PM 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 05/25/2007 03:22 PM 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiSpyGolden 5.1]

"C:\Program Files\AntiSpyGolden 5.1\AntiSpyGolden 5.1.exe" /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirGear 3.8]

"C:\Program Files\AntiVirGear 3.8\AntiVirGear 3.8.exe" /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]

"C:\Program Files\eSnips\ClientGW.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

"C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusRanger]

C:\Program Files\VirusRanger\VirusRanger.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2007-10-14 00:37:40 ------------

Extra

Deckard's System Scanner v20070905.67

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz

Percentage of Memory in Use: 51%

Physical Memory (total/avail): 253.98 MiB / 122.3 MiB

Pagefile Memory (total/avail): 624.99 MiB / 373.94 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1975.2 MiB

A: is Removable (No Media)

C: is Fixed (NTFS) - 37.24 GiB total, 27.14 GiB free.

D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75JHC0 - 37.25 GiB - 1 partition

\PARTITION0 (bootable) - Installable File System - 37.24 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2007 (Symantec Corporation)

AV: Norton Internet Security v2007 (Symantec Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\colleen\Application Data

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=COLLEEN-47668B4

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\colleen

LOGONSERVER=\\COLLEEN-47668B4

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\colleen\LOCALS~1\Temp

TMP=C:\DOCUME~1\colleen\LOCALS~1\Temp

USERDOMAIN=COLLEEN-47668B4

USERNAME=colleen

USERPROFILE=C:\Documents and Settings\colleen

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

colleen (admin)

TT (admin)

LogMeInRemoteUser (admin)

LogMeInRemoteUser.COLLEEN-47668B4 (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

Broadcom Driver Installer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033

ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}

Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf

Dell Photo AIO Printer 924 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE

Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

IE Custom Tools --> "C:\Program Files\Video Add-on\ictun.exe"

IE Safety Features --> "C:\Program Files\Video Add-on\isfun.exe"

Imikimi Plugin 0.3.0 --> MsiExec.exe /I{3E99B1F8-61B7-4317-AB38-855810CCE5C3}

Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

Intel® PRO Network Adapters and Drivers --> Prounstl.exe

Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}

LogMeIn --> MsiExec.exe /I{3FEC3A5B-60FF-4626-B425-08E09B121A15}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\colleen\Application Data\Move Networks\ie_bin\Uninst.exe

Move Networks Player for Internet Explorer --> "C:\Documents and Settings\colleen\Application Data\Move Networks\ie_bin\unins000.exe"

Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe

Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}

Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}

Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_1_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X

Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\100\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly

SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}

Verizon Online DSL --> C:\Program Files\Common Files\SupportSoft\Verizon\vzuninstall.exe /starthidden

Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG

Video Add-on --> C:\Program Files\Video Add-on\uninst.exe

Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Safety Alert --> C:\Documents and Settings\colleen\Local Settings\Temp\laf1.exe /del

Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

-- Application Event Log -------------------------------------------------------

Event Record #/Type13014 / Error

Event Submitted/Written: 10/14/2007 00:24:32 AM

Event ID/Source: 8 / crypt32

Event Description:

Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type12995 / Error

Event Submitted/Written: 10/14/2007 00:02:04 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application firefox.exe, version 1.8.20070.25881, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type12987 / Success

Event Submitted/Written: 10/13/2007 11:00:52 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12961 / Success

Event Submitted/Written: 10/13/2007 10:49:42 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12916 / Success

Event Submitted/Written: 10/13/2007 10:33:17 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type23854 / Error

Event Submitted/Written: 10/14/2007 00:00:01 AM

Event ID/Source: 7901 / Schedule

Event Description:

The At49.job command failed to start due to the following error:

%%2147942402

Event Record #/Type23853 / Error

Event Submitted/Written: 10/14/2007 00:00:01 AM

Event ID/Source: 7901 / Schedule

Event Description:

The At25.job command failed to start due to the following error:

%%2147942402

Event Record #/Type23852 / Error

Event Submitted/Written: 10/14/2007 00:00:00 AM

Event ID/Source: 7901 / Schedule

Event Description:

The At1.job command failed to start due to the following error:

%%2147942402

Event Record #/Type23836 / Error

Event Submitted/Written: 10/13/2007 11:00:00 PM

Event ID/Source: 7901 / Schedule

Event Description:

The At72.job command failed to start due to the following error:

%%2147942402

Event Record #/Type23835 / Error

Event Submitted/Written: 10/13/2007 11:00:00 PM

Event ID/Source: 7901 / Schedule

Event Description:

The At48.job command failed to start due to the following error:

%%2147942402

-- End of Deckard's System Scanner: finished at 2007-10-14 00:37:40 ------------

  • 2 weeks later...

Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay, we have been quite busy around here.

Download ComboFix from Here or Here to your Desktop.

  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

This topic is now closed to further replies.