computer keeps restarting


kevster16
12-26-2007, 09:21 AM
Yeah, this message comes up saying: "Services and Controller app has encountered a problem and needs to close"

"C:\WINDOWS\system32\services.exe terminated unexpectedly with status code 1073741819. The system will now shut down and restart."

Can someone tell me what this is?!

Jiggy
12-26-2007, 10:49 AM
Welcome to PC Guide kevster16.

From searching Google for "status code 1073741819", it could be a virus; the spyware people can advise you more.
If so, please read How to Create and Post a Hijackthis Log (http://www.pcguide.com/vb/showthread.php?t=60009) and post it in this section of the forum: Applications and Security (http://www.pcguide.com/vb/forumdisplay.php?f=34).

kevster16
12-26-2007, 11:24 AM
Yeah, this message comes up saying: "Services and Controller app has encountered a problem and needs to close"

"C:\WINDOWS\system32\services.exe terminated unexpectedly with status code 1073741819. The system will now shut down and restart."

Can someone tell me what this is?!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:50 AM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\TEMP\CC769D84.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\PhanTim3\PhanTim3.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=oN7sc-J3cYqSaYalOBoXhpFgf5M
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

Fred_Flintstone
12-26-2007, 11:25 AM
Hi,
Can also be caused by McAfee apparently..:confused:
LINK (http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=203038&messageID=2332267)

Fred..;)

kevster16
12-26-2007, 11:26 AM
c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\Roam soft.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hjyufsdf] C:\WINDOWS\TEMP\CC769D84.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LOCKSGRID] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\JUGSMI~1\ProcPlan.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [PhanTim31] "C:\Program Files\PhanTim3\PhanTim3.exe" 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temp\{989DBA4F-F483-4344-88FC-D2FBC77103AD}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14164 bytes


What now? lol

kevster16
12-26-2007, 11:38 AM
Interesting, but I took off McAfee, so yeah, that's probably not the problem.

http://www.pcguide.com/vb/showthread.php?t=61349

kevster16
12-26-2007, 11:55 AM
Oh, and when I click on Media Center this error message comes up and says: "To run this application, you first must install one of the following versions of the .NET Framework: v1.1.4322"

Whyzman
12-26-2007, 12:47 PM
Whoa...this was getting a bit confusing... I combined the two threads...

It's okay to post a HJT log into a thread that already exists if the request logically follows the troubleshooting process. If the whole thread needs to be moved to a more appropriate forum, the mods will take care of that.

kevster16
12-26-2007, 06:20 PM
But guys, what about my problem!?

Budfred
12-26-2007, 07:21 PM
You have LOP and some other infections... Did you install MessengerPlus3 and then remove it?? If so, you will need to reinstall it and then uninstall it... If not, we will need to use another approach to remove LOP... We will address the other issues after you respond to this...

Meanwhile, you are running WeatherBug which is ad supported and has a history of malware activity... I would not tolerate it on my computer, but you can simply uninstall it if you choose to remove it...

You also have parts of MyWebSearch... Some parts are clearly malware, but you have the parts that are less clear... I suggest uninstalling it as well...

You also have PhanTim3 which has some malware properties and I suggest removing it unless it is crucial for you...

If you take any action, please post a fresh HJT log after reboot...
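As an added example that is not part of the thread and not HijackThis's own code, here is a small Python triage helper for HJT-style logs. It parses O2/O3/O4 lines and flags the kind of entries the reply above calls out: autoruns from a temp directory, executables launched from an application-data folder, dangling "(file missing)"/"(no file)" entries, and random-looking registry value names like [hjyufsdf]. The heuristics are assumptions of this example, not HijackThis rules; the sample lines are a constructed subset copied from the log posted earlier in the thread. It also decodes the reported status code: Windows prints NTSTATUS values as signed decimals, so -1073741819 is 0xC0000005 (STATUS_ACCESS_VIOLATION), while the unsigned 1073741819 as typed in the thread is 0x3FFFFFFB.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re

# Constructed subset of O2/O3/O4 lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\Roam soft.exe
O4 - HKLM\..\Run: [hjyufsdf] C:\WINDOWS\TEMP\CC769D84.exe
O4 - HKCU\..\Run: [LOCKSGRID] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\JUGSMI~1\ProcPlan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

VOWELS = set("aeiou")
# Only the code this thread needs; extend from ntstatus.h for real use.
KNOWN_NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

# A drive-letter path ending in an executable/library extension, even if it
# contains spaces or is wrapped in quotes (both occur in real HJT logs).
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys))", re.I)


def ntstatus_hex(code: int) -> str:
    """Render a (possibly negative) decimal status code as 32-bit NTSTATUS hex."""
    return f"0x{code & 0xFFFFFFFF:08X}"


def describe_status(code: int) -> str:
    """Name the NTSTATUS if it is in the small table above, else 'unknown'."""
    return KNOWN_NTSTATUS.get(code & 0xFFFFFFFF, "unknown")


def max_consonant_run(word: str) -> int:
    """Longest run of consecutive consonants ('y' counted as a consonant)."""
    run = best = 0
    for ch in word.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(name: str) -> bool:
    """Crude heuristic (assumption of this example): a lowercase-only value name
    of 8+ letters with four or more consonants in a row, e.g. 'hjyufsdf'."""
    return (name.isalpha() and name.islower() and len(name) >= 8
            and max_consonant_run(name) >= 4)


def parse_line(line: str):
    """Return (section, name, path_or_None) for an O2/O3/O4 line, else None."""
    m = re.match(r"^(O[234]) - (.*)$", line)
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        name_m = re.search(r"\[([^\]]+)\]", body)       # [value name]
    else:
        name_m = re.match(r"(?:BHO|Toolbar): (.+?) - \{", body)  # name before the CLSID
    name = name_m.group(1) if name_m else body
    path_m = PATH_RE.search(body)
    return section, name, (path_m.group(1) if path_m else None)


def triage(log_text: str) -> dict:
    """Map entry name -> list of reasons, for entries tripping at least one heuristic."""
    findings = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if not parsed:
            continue
        section, name, path = parsed
        reasons = []
        if "(file missing)" in raw or "(no file)" in raw:
            reasons.append("points at a file that no longer exists")
        if path:
            p = path.lower()
            if "\\temp\\" in p:
                reasons.append("autorun from a temp directory")
            if ("application data" in p or "applic~1" in p) and "program files" not in p:
                reasons.append("executable launched from an application-data folder")
        if section == "O4" and looks_random(name):
            reasons.append("random-looking registry value name")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    print(ntstatus_hex(-1073741819), describe_status(-1073741819))
    for entry, why in triage(SAMPLE_LOG).items():
        print(f"{entry}: {'; '.join(why)}")
```

The helper is deliberately conservative: benign entries such as [SunJavaUpdateSched] and [ctfmon.exe] produce no findings, so what it prints is a short list of entries worth a closer look, not a verdict.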

kevster16
12-26-2007, 09:24 PM
Hey guys, we have a bigger problem now: my internet is not working properly. I think something is blocking it.

It is saying "Internet Explorer cannot display the webpage".

Thanks,
Kevin

kevster16
12-26-2007, 10:43 PM
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\TEMP\CC769D84.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=oN7sc-J3cYqSaYalOBoXhpFgf5M
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

kevster16
12-26-2007, 10:48 PM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Mode Load Mpeg Less] C:\Documents and Settings\All Users\Application Data\two setup mode load\Roam soft.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hjyufsdf] C:\WINDOWS\TEMP\CC769D84.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LOCKSGRID] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\JUGSMI~1\ProcPlan.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temp\{989DBA4F-F483-4344-88FC-D2FBC77103AD}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13266 bytes

Budfred
12-27-2007, 01:22 AM
I don't know why you posted another log... Please note what you have done and what happened... Please post the entire log when you post logs...

kevster16
12-27-2007, 09:41 AM
^Buddy, you told me to do it, and man, can you please help me figure out what's wrong with my internet! There's something stopping it, like it would try to go in but it won't work.

Budfred
12-27-2007, 01:04 PM
^Buddy, you told me to do it, and man, can you please help me figure out what's wrong with my internet! There's something stopping it, like it would try to go in but it won't work.

I asked you to post the log if you changed anything... I don't know if you changed anything and you have not answered my questions... Without information I can't help you... Would you like your doctor to take out your tonsils in total darkness??

kevster16
12-27-2007, 01:38 PM
^OK, listen, I'm kinda frustrated due to the fact that my comp is so messed up!
What questions do you want me to answer?? I mean, I joined this website to see if I could get some help concerning:

"Services and Controller app has encountered a problem and needs to close"

"C:\WINDOWS\system32\services.exe terminated unexpectedly with status code 1073741819. The system will now shut down and restart."

And there's no one in here that has given me a clear response. I downloaded "HijackThis" and I've done everything that I know, and I still have the same problem!

Budfred
12-27-2007, 02:41 PM
You have LOP and some other infections... Did you install MessengerPlus3 and then remove it?? If so, you will need to reinstall it and then uninstall it... If not, we will need to use another approach to remove LOP... We will address the other issues after you respond to this...

Meanwhile, you are running WeatherBug which is ad supported and has a history of malware activity... I would not tolerate it on my computer, but you can simply uninstall it if you choose to remove it...

You also have parts of MyWebSearch... Some parts are clearly malware, but you have the parts that are less clear... I suggest uninstalling it as well...

You also have PhanTim3 which has some malware properties and I suggest removing it unless it is crucial for you...

If you take any action, please post a fresh HJT log after reboot...

This is what I asked you before... Did you install MessengerPlus3?? Are you wanting to do anything about these optional issues or did you do anything?? If you want to keep posting vague responses to my questions, this can go on for a long time... However, keep in mind that we are all volunteers here and we help because we want to, not because you are paying or have any basic right to help... If you want help, I suggest an attitude adjustment and I suggest you give me as much information as possible regarding the things I have asked and what you have done to your computer to address the problem...

kevster16
12-27-2007, 03:28 PM
^OK listen, I'm really sorry if I wasn't clear or I acted a little immature.

Yeah, I took MessengerPlus out of my comp; all I have is MSN now. I also took out PhanTim3. I don't know about WeatherBug though, cause I don't think that's the problem. And about my internet: it would work, but then after a while it would just say page cannot be displayed. So I have internet, but I think there might be some program that might be blocking it. I use Comcast high speed internet; I called them and they told me everything is working fine. So I don't know.

kevster16
12-27-2007, 08:45 PM
^Never mind that post, I downloaded taskmanager17 and took out this file that was not letting me connect to the internet, so everything is good! Thanks for your help

Budfred
12-28-2007, 03:06 AM
Well, good luck with that... Your computer is still infected and you are running some programs that may infect it again, but it is your choice...

kevster16
12-28-2007, 10:29 AM
^Yeah, it is running a little slow, but what else can I do? Like, to not let my comp get infected again?

Budfred
12-28-2007, 11:14 AM
Before protecting it for the future, you need to clean it for now... Run this and we will see what is left:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop).
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

kevster16
12-28-2007, 01:45 PM
^OK, got it,

ComboFix 07-12-21.4 - Owner 2007-12-28 12:35:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1205 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware365
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\lottery.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\sweepstakes.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware365\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware365\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware365\contexts\travel.xml
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\PrivacyProtector Free
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\PrivacyProtector Free\Logs\update.log
C:\Program Files\Common Files\Yazzle1718OinUninstaller.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\screensavers.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\sinstaller3.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll
C:\Program Files\screensavers.com\SSSUninst.exe
C:\WINDOWS\system32\xpdx.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTIO256
-------\ntio256
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 10:49 . 2007-12-28 10:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-28 10:49 . 2007-12-28 10:49 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 16:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-27 15:30 . 2007-12-27 16:00 <DIR> d-------- C:\Program Files\Security Task Manager
2007-12-27 15:30 . 2007-12-27 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-27 13:03 . 2007-12-27 13:03 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-27 11:41 . 2007-12-27 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-12-27 11:41 . 2007-12-27 11:41 1,129 --a------ C:\net_save.dna
2007-12-26 10:16 . 2007-12-26 21:41 <DIR> d-------- C:\HJT
2007-12-26 09:56 . 2007-12-26 09:56 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-25 22:40 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 21:51 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-25 21:49 . 2007-12-25 21:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-25 15:55 . 2007-12-25 15:55 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sony Corporation
2007-12-25 15:55 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-25 15:55 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-25 15:46 . 2007-12-25 15:46 <DIR> d-------- C:\Program Files\Sony
2007-12-25 13:15 . 2007-12-26 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Apps
2007-12-25 00:04 . 2007-12-25 00:04 <DIR> d-------- C:\Program Files\Maxis
2007-12-25 00:04 . 2007-12-25 13:14 534 --a------ C:\WINDOWS\eReg.dat
2007-12-19 15:59 . 2007-12-19 15:59 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 15:58 . 2007-12-19 15:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-19 15:50 . 2007-12-19 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 15:31 . 2007-12-27 16:29 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Vista Start Menu
2007-12-19 14:58 . 2007-12-26 19:55 <DIR> d-------- C:\Program Files\PhanTim3
2007-12-16 17:28 . 2007-12-16 17:28 <DIR> d-------- C:\Screensavers.com
2007-12-15 22:25 . 2007-12-15 22:25 29,184 --a------ C:\WINDOWS\system32\sstunst2.exe
2007-12-11 21:48 . 2007-12-27 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\two setup mode load
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 15:38 . 2007-12-09 15:38 <DIR> d-------- C:\Program Files\7art
2007-12-09 13:28 . 2007-12-09 13:28 268 --ah----- C:\sqmdata05.sqm
2007-12-09 13:28 . 2007-12-09 13:28 244 --ah----- C:\sqmnoopt05.sqm
2007-12-09 13:25 . 2007-12-09 13:25 268 --ah----- C:\sqmdata04.sqm
2007-12-09 13:25 . 2007-12-09 13:25 244 --ah----- C:\sqmnoopt04.sqm
2007-12-09 00:10 . 2007-12-09 00:10 268 --ah----- C:\sqmdata03.sqm
2007-12-09 00:10 . 2007-12-09 00:10 244 --ah----- C:\sqmnoopt03.sqm
2007-12-08 23:34 . 2007-12-08 23:34 268 --ah----- C:\sqmdata02.sqm
2007-12-08 23:34 . 2007-12-08 23:34 244 --ah----- C:\sqmnoopt02.sqm
2007-12-08 22:42 . 2007-12-08 22:45 <DIR> d-------- C:\Program Files\Vista Buttons Trial
2007-12-08 22:21 . 2007-12-19 15:31 <DIR> d-------- C:\Program Files\Vista Start Menu
2007-12-08 21:48 . 2007-12-08 21:48 137,216 --a------ C:\WINDOWS\epuninstall.exe
2007-12-04 16:08 . 2004-08-10 14:00 716,856 --a--c--- C:\WINDOWS\system32\dllcache\imjpcus.dll
2007-11-30 22:54 . 2007-11-30 22:54 <DIR> d-------- C:\Program Files\Windows Live Favorites

kevster16
12-28-2007, 01:45 PM
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 17:29 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ComcastToolbar
2007-12-28 13:00 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\AVG7
2007-12-27 19:15 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 19:03 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-27 18:03 --------- d-----w C:\Program Files\Google
2007-12-27 17:57 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 16:41 --------- d-----w C:\Program Files\support.com
2007-12-27 02:20 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Yahoo!
2007-12-27 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 00:38 --------- d-----w C:\Program Files\BigFix
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-26 00:19 806 ----a-w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
2007-12-25 21:49 --------- d-----w C:\Program Files\The Weather Channel FW
2007-12-25 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-21 18:47 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\WeatherBug
2007-12-19 20:50 --------- d-----w C:\Program Files\Apple Software Update
2007-12-09 04:33 --------- d-----w C:\Program Files\Paltalk Messenger
2007-12-09 04:33 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Paltalk
2007-12-01 03:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 22:34 --------- d-----w C:\Program Files\Keyfinder Advanced 2007 (Trial Version)
2007-11-24 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-24 14:34 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\skypePM
2007-11-24 03:45 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-21 11:56 12,254,415 ------w C:\avg7qt.dat
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 00:47 --------- d-----w C:\Program Files\Java
2006-12-27 02:54 78,432 ----a-w C:\Program Files\MF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:17]
"Power2GoExpress"="NA" []
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 12:22]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 06:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 04:01 C:\WINDOWS\RTHDCPL.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"nwiz"="nwiz.exe" [2005-09-18 10:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 14:00 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 14:00 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:13]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"CHotkey"="zHotkey.exe" [2004-12-08 19:57 C:\WINDOWS\zHotkey.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-14 11:31]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 10:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 13:50]

C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-25 15:46:19]
PowerReg Scheduler V3.exe [2006-12-18 22:15:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-DC3E0B8F38^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-DC3E0B8F38^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 21:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-28 16:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 12:41:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 12:42:59 - machine was rebooted [Owner]
.
2007-12-28 12:45:21 --- E O F ---

Budfred
12-28-2007, 07:03 PM
That got some, but you still have several other things in there... Please run these tools...

http://www.atribune.org/ccount/click.php?id=1

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose:Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

And then.......

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (it is important that all windows are closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will be prompted; then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

and one more.................

* Download Dr.Web CureIt to the Desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.


Hopefully that will clear up most of the rest...

kevster16
12-28-2007, 08:17 PM
^Dude, surprisingly it only had 1 virus haha, so yeah, we took them all off I think.

All it said on that report is that: aqsrchas.dllc:/prograp files/askbar/srchastt/1.bin;adware Msearch;Incurable. Moved:

So I think that's it, right...

Thanks for your help man, I really appreciate it

Budfred
12-28-2007, 09:23 PM
If that is the way you want it... I asked for 2 logs and you gave me one line... I would think that by now you would want to get more confirmation that your computer is clean...

kevster16
12-28-2007, 09:32 PM
^But dude, that's all they gave me haha. You just tell me what else to do and I'll do it, anything to keep my comp from getting viruses! I'm just thanking you man

I already had AVG so I didn't download that one, but the other 2 I did exactly what you said

I'm gonna do the AVG scan now and I'll see what they say

kevster16
12-28-2007, 10:07 PM
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP322\A0082874.exe -> Adware.Comet : Ignored.
C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\screensavers.exe.vir -> Adware.Comet : Ignored.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP322\A0082876.dll -> Not-A-Virus.Adware.Comet : Ignored.
C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll.vir -> Not-A-Virus.Adware.Comet : Ignored.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@oasc02.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@oasc09.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jrkwbwvw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jrkwbwvw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.20:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.26:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jrkwbwvw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.28:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jrkwbwvw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.32:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\jrkwbwvw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Mozilla\Firefox\Profiles\fdmek1gs.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Budfred
12-28-2007, 11:15 PM
Did you update AVG-AS before you ran it??

You need to clear System Restore and set a new Restore Point...

Turn off System Restore
To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

To turn System Restore on again, wait a few moments for the Restore Points to clear and then follow this step:
1. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box) and then click OK.

Then download a fresh copy of ComboFix and run it again so we can see if there is anything in your log...

kevster16
12-28-2007, 11:47 PM
^Yeah, I updated,

I got a new log but I don't know what happened to it; I had to turn off my comp cause my internet stopped working after I did that scan. Where can I look to find it?

Budfred
12-29-2007, 01:29 AM
It should be in the folder where you installed ComboFix and that means it is likely to be on your Desktop... It is Combofix.txt...

kevster16
12-29-2007, 11:33 AM
ComboFix 07-12-21.4 - Owner 2007-12-28 22:25:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1179 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temporary Internet Files\Content.IE5\Z4GT6580\ComboFix[1].exe
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-28 20:36 . 2007-12-28 20:36 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Grisoft
2007-12-28 18:51 . 2007-12-28 18:54 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\DoctorWeb
2007-12-27 16:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-27 15:30 . 2007-12-27 16:00 <DIR> d-------- C:\Program Files\Security Task Manager
2007-12-27 15:30 . 2007-12-27 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-27 13:03 . 2007-12-27 13:03 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-27 11:41 . 2007-12-27 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-12-27 11:41 . 2007-12-27 11:41 1,129 --a------ C:\net_save.dna
2007-12-26 10:16 . 2007-12-26 21:41 <DIR> d-------- C:\HJT
2007-12-26 09:56 . 2007-12-26 09:56 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-25 22:40 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 21:51 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-25 21:49 . 2007-12-25 21:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-25 15:55 . 2007-12-25 15:55 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sony Corporation
2007-12-25 15:55 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-25 15:55 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-25 15:46 . 2007-12-25 15:46 <DIR> d-------- C:\Program Files\Sony
2007-12-25 13:15 . 2007-12-26 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Apps
2007-12-25 00:04 . 2007-12-25 00:04 <DIR> d-------- C:\Program Files\Maxis
2007-12-25 00:04 . 2007-12-25 13:14 534 --a------ C:\WINDOWS\eReg.dat
2007-12-19 15:59 . 2007-12-19 15:59 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 15:58 . 2007-12-19 15:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-19 15:50 . 2007-12-19 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 15:31 . 2007-12-28 22:18 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Vista Start Menu
2007-12-19 14:58 . 2007-12-26 19:55 <DIR> d-------- C:\Program Files\PhanTim3
2007-12-16 17:28 . 2007-12-16 17:28 <DIR> d-------- C:\Screensavers.com
2007-12-15 22:25 . 2007-12-15 22:25 29,184 --a------ C:\WINDOWS\system32\sstunst2.exe
2007-12-11 21:48 . 2007-12-27 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\two setup mode load
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 15:38 . 2007-12-09 15:38 <DIR> d-------- C:\Program Files\7art
2007-12-09 13:28 . 2007-12-09 13:28 268 --ah----- C:\sqmdata05.sqm
2007-12-09 13:28 . 2007-12-09 13:28 244 --ah----- C:\sqmnoopt05.sqm
2007-12-09 13:25 . 2007-12-09 13:25 268 --ah----- C:\sqmdata04.sqm
2007-12-09 13:25 . 2007-12-09 13:25 244 --ah----- C:\sqmnoopt04.sqm
2007-12-09 00:10 . 2007-12-09 00:10 268 --ah----- C:\sqmdata03.sqm
2007-12-09 00:10 . 2007-12-09 00:10 244 --ah----- C:\sqmnoopt03.sqm
2007-12-08 23:34 . 2007-12-08 23:34 268 --ah----- C:\sqmdata02.sqm
2007-12-08 23:34 . 2007-12-08 23:34 244 --ah----- C:\sqmnoopt02.sqm
2007-12-08 22:42 . 2007-12-08 22:45 <DIR> d-------- C:\Program Files\Vista Buttons Trial
2007-12-08 22:21 . 2007-12-19 15:31 <DIR> d-------- C:\Program Files\Vista Start Menu
2007-12-08 21:48 . 2007-12-08 21:48 137,216 --a------ C:\WINDOWS\epuninstall.exe
2007-12-04 16:08 . 2004-08-10 14:00 716,856 --a--c--- C:\WINDOWS\system32\dllcache\imjpcus.dll
2007-11-30 22:54 . 2007-11-30 22:54 <DIR> d-------- C:\Program Files\Windows Live Favorites

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-29 03:04 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ComcastToolbar
2007-12-28 23:56 --------- d-----w C:\Program Files\Google
2007-12-28 13:00 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\AVG7
2007-12-27 19:15 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 19:03 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-27 17:57 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 16:41 --------- d-----w C:\Program Files\support.com
2007-12-27 02:20 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Yahoo!
2007-12-27 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 00:38 --------- d-----w C:\Program Files\BigFix
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-26 00:19 806 ----a-w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
2007-12-25 21:49 --------- d-----w C:\Program Files\The Weather Channel FW
2007-12-25 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-21 18:47 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\WeatherBug
2007-12-19 20:50 --------- d-----w C:\Program Files\Apple Software Update
2007-12-09 04:33 --------- d-----w C:\Program Files\Paltalk Messenger
2007-12-09 04:33 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Paltalk
2007-12-01 03:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 22:34 --------- d-----w C:\Program Files\Keyfinder Advanced 2007 (Trial Version)
2007-11-24 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-24 14:34 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\skypePM
2007-11-24 03:45 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-21 11:56 12,254,415 ------w C:\avg7qt.dat
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 00:47 --------- d-----w C:\Program Files\Java
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2006-12-27 02:54 78,432 ----a-w C:\Program Files\MF
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:17]
"Power2GoExpress"="NA" []
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 12:22]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 06:53]

kevster16
12-29-2007, 11:34 AM
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 04:01 C:\WINDOWS\RTHDCPL.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"nwiz"="nwiz.exe" [2005-09-18 10:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 14:00 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 14:00 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:13]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"CHotkey"="zHotkey.exe" [2004-12-08 19:57 C:\WINDOWS\zHotkey.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-14 11:31]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 10:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 13:50]

C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-25 15:46:19]
PowerReg Scheduler V3.exe [2006-12-18 22:15:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-DC3E0B8F38^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-DC3E0B8F38^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 21:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-29 02:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 22:27:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-12-28 22:27:36
C:\ComboFix2.txt ... 2007-12-28 12:43
.
2007-12-28 12:45:21 --- E O F ---

kevster16
12-29-2007, 11:38 AM
^Uhhhh, is that even the right log? It looks like the one I did before, I'm not sure...

Oh, and this is the only thing Dr.Web gave me: a9srchas.dll;c:\program files\askpbar\srchastt\1.bin;Adware.Msearch;Incurable.Moved.;

And since you're helping me already, would you mind telling me what this is: when I click on Media Center this error message comes up and says: to run this application, you first must install one of the following versions of the .NET Framework: v1.1.4322

kevster16
12-29-2007, 06:14 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:26 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=oN7sc-J3cYqSaYalOBoXhpFgf5M
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe

kevster16
12-29-2007, 06:14 PM
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temp\{989DBA4F-F483-4344-88FC-D2FBC77103AD}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11294 bytes
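
The log above is the kind of listing a forum helper reads by eye: orphaned CLSIDs marked "(file missing)" or "(no file)", an AppInit_DLLs entry, an autorun pointing into a Temp directory, and an ActiveX (O16 DPF) download from a third-party host. As an added example that is not part of this thread, HijackThis or ComboFix, here is a small Python triage script that applies those same checks to log lines. The sample lines are constructed from entries quoted in the thread (one path shortened), and the flag rules and the trusted-host list are this example's own assumptions, not rules from any of the tools.

```python
"""Triage helper for HijackThis-style log lines (added example, not a tool from the thread).

Parses the O2/O3/O4/O9/O16/O20/O23 entry formats and flags the things a helper
scans for first: orphaned CLSIDs (file missing), AppInit_DLLs injection, autoruns
launched from temp/profile directories, and ActiveX (DPF) downloads from hosts
outside an assumed allow-list.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every HJT entry starts with a section code such as "O4 - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Assumed heuristics: directories no legitimate startup entry should run from,
# and hosts from which an ActiveX download is considered expected.
TEMP_DIRS = (r"\local settings\temp", r"\temporary internet files", r"\appdata\local\temp")
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O20"
    reason: str  # why the line was flagged
    line: str    # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    low = body.lower()

    # A registered BHO/toolbar/button whose file is gone is leftover junk or a
    # partially removed infection; either way it should not stay registered.
    if "(file missing)" in low or "(no file)" in low:
        return Finding(code, "orphaned entry: registered component no longer on disk", line)

    # AppInit_DLLs is loaded into every process that maps user32.dll, so any
    # entry here deserves a look even when the vendor is known.
    if code == "O20" and low.startswith("appinit_dlls:"):
        return Finding(code, "AppInit_DLLs injects into every process that loads user32.dll", line)

    # Autoruns that execute from a temp or cache directory are a classic dropper pattern.
    if code == "O4" and any(d in low for d in TEMP_DIRS):
        return Finding(code, "autorun launched from a temp/profile directory", line)

    # O16 lines record ActiveX controls installed from a URL (Downloaded Program Files).
    if code == "O16":
        url = re.search(r"https?://([^/\s\]]+)", body)
        if url and not url.group(1).lower().endswith(TRUSTED_DPF_HOSTS):
            return Finding(code, f"ActiveX download from untrusted host {url.group(1)}", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: entries quoted from the thread's log, one Temp path shortened.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{989DBA4F}\ATR1.exe
O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Run stand-alone it prints six findings from the ten sample lines (the two orphaned toolbars, the Congoo button with no file, the ATR1.exe autorun under Local Settings\Temp, the disney.go.com ActiveX download and the AppInit_DLLs entry) and stays quiet on the Java BHO, the AVG autorun, the Microsoft DPF and the NVIDIA service. The host allow-list is deliberately small; a real triage would also cross-check O23 service paths and O4 image paths against the catalog signature or a known-file hash set, which this example does not attempt.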

Budfred
12-29-2007, 06:28 PM
You still have LOP and some other junk... I strongly recommend that you uninstall Ask.com which may be listed in your Add or Remove Programs list as MyWebSearch, MyWay, or something similar... It has spyware and adware components... Also, you said you removed PhanTim3, so I included the folder for it in the fix below...

Open Notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\7art

Folder::
C:\WINDOWS\msdownld.tmp
C:\Program Files\PhanTim3
C:\Screensavers.com
C:\Documents and Settings\All Users\Application Data\two setup mode load


Save this as CFScript.txt


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Post the log in your next response...

kevster16
12-29-2007, 06:50 PM
ComboFix 07-12-21.4 - Owner 2007-12-29 17:36:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.845 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\7art
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\two setup mode load
C:\Program Files\PhanTim3
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Harry\back.jpg
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Harry\custom.txt
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Luna\back.jpg
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Luna\custom.txt
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Umbridge 1\back.jpg
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Umbridge 1\custom.txt
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Umbridge 2\back.jpg
C:\Program Files\PhanTim3\Skins\Harry Potter 5\Umbridge 2\custom.txt
C:\Program Files\PhanTim3\Skins\Holiday\Birthday1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Birthday2\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Birthday3\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Christmas1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Christmas2\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Christmas3\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Christmas4\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Easter1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Easter2\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Halloween1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Halloween2\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Halloween3\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\NewYears1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Thanksgiving1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Valentines1\back.jpg
C:\Program Files\PhanTim3\Skins\Holiday\Valentines2\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\1\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\1\Custom.txt
C:\Program Files\PhanTim3\Skins\Nintendo Wii\2\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\2\Custom.txt
C:\Program Files\PhanTim3\Skins\Nintendo Wii\3\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\3\Custom.txt
C:\Program Files\PhanTim3\Skins\Nintendo Wii\4\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\4\Custom.txt
C:\Program Files\PhanTim3\Skins\Nintendo Wii\5\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\5\Custom.txt
C:\Program Files\PhanTim3\Skins\Nintendo Wii\Wii Loaded 1\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\Wii Loaded 1\Custom.txt
C:\Program Files\PhanTim3\Skins\Nintendo Wii\Wii Loaded 2\back.jpg
C:\Program Files\PhanTim3\Skins\Nintendo Wii\Wii Loaded 2\Custom.txt
C:\Screensavers.com
C:\Screensavers.com\ActiveDesktop\Secure\dm1EB.tmp.exe
C:\WINDOWS\msdownld.tmp

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-28 20:36 . 2007-12-28 20:36 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Grisoft
2007-12-28 18:51 . 2007-12-28 18:54 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\DoctorWeb
2007-12-27 16:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-27 15:30 . 2007-12-27 16:00 <DIR> d-------- C:\Program Files\Security Task Manager
2007-12-27 15:30 . 2007-12-27 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-27 11:41 . 2007-12-27 11:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-12-27 11:41 . 2007-12-27 11:41 1,129 --a------ C:\net_save.dna
2007-12-26 10:16 . 2007-12-29 17:13 <DIR> d-------- C:\HJT
2007-12-26 09:56 . 2007-12-26 09:56 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-25 22:40 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 21:51 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-25 21:49 . 2007-12-25 21:49 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-25 15:55 . 2007-12-25 15:55 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Sony Corporation
2007-12-25 15:55 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-25 15:55 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-25 15:46 . 2007-12-25 15:46 <DIR> d-------- C:\Program Files\Sony
2007-12-25 13:15 . 2007-12-26 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Apps
2007-12-25 00:04 . 2007-12-25 00:04 <DIR> d-------- C:\Program Files\Maxis
2007-12-25 00:04 . 2007-12-25 13:14 534 --a------ C:\WINDOWS\eReg.dat
2007-12-19 15:59 . 2007-12-19 15:59 <DIR> d-------- C:\Program Files\QuickTime
2007-12-19 15:58 . 2007-12-19 15:58 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-19 15:50 . 2007-12-19 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 15:31 . 2007-12-28 22:42 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Vista Start Menu
2007-12-15 22:25 . 2007-12-15 22:25 29,184 --a------ C:\WINDOWS\system32\sstunst2.exe
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 15:38 . 2007-12-09 15:38 <DIR> d-------- C:\Program Files\7art
2007-12-09 13:28 . 2007-12-09 13:28 268 --ah----- C:\sqmdata05.sqm
2007-12-09 13:28 . 2007-12-09 13:28 244 --ah----- C:\sqmnoopt05.sqm
2007-12-09 13:25 . 2007-12-09 13:25 268 --ah----- C:\sqmdata04.sqm
2007-12-09 13:25 . 2007-12-09 13:25 244 --ah----- C:\sqmnoopt04.sqm
2007-12-09 00:10 . 2007-12-09 00:10 268 --ah----- C:\sqmdata03.sqm
2007-12-09 00:10 . 2007-12-09 00:10 244 --ah----- C:\sqmnoopt03.sqm
2007-12-08 23:34 . 2007-12-08 23:34 268 --ah----- C:\sqmdata02.sqm
2007-12-08 23:34 . 2007-12-08 23:34 244 --ah----- C:\sqmnoopt02.sqm
2007-12-08 22:42 . 2007-12-08 22:45 <DIR> d-------- C:\Program Files\Vista Buttons Trial
2007-12-08 22:21 . 2007-12-19 15:31 <DIR> d-------- C:\Program Files\Vista Start Menu
2007-12-08 21:48 . 2007-12-08 21:48 137,216 --a------ C:\WINDOWS\epuninstall.exe
2007-12-04 16:08 . 2004-08-10 14:00 716,856 --a--c--- C:\WINDOWS\system32\dllcache\imjpcus.dll
2007-11-30 22:54 . 2007-11-30 22:54 <DIR> d-------- C:\Program Files\Windows Live Favorites

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-29 21:21 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ComcastToolbar
2007-12-28 23:56 --------- d-----w C:\Program Files\Google
2007-12-28 13:00 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\AVG7
2007-12-27 19:15 --------- d-----w C:\Program Files\MSN Messenger
2007-12-27 19:03 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-27 17:57 --------- d-----w C:\Program Files\Yahoo!
2007-12-27 16:41 --------- d-----w C:\Program Files\support.com
2007-12-27 02:20 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Yahoo!
2007-12-27 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-27 00:38 --------- d-----w C:\Program Files\BigFix
2007-12-26 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-26 00:19 806 ----a-w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\wklnhst.dat
2007-12-25 21:49 --------- d-----w C:\Program Files\The Weather Channel FW
2007-12-25 20:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 19:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-21 18:47 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\WeatherBug
2007-12-19 20:50 --------- d-----w C:\Program Files\Apple Software Update
2007-12-09 04:33 --------- d-----w C:\Program Files\Paltalk Messenger
2007-12-09 04:33 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\Paltalk
2007-12-01 03:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 22:34 --------- d-----w C:\Program Files\Keyfinder Advanced 2007 (Trial Version)
2007-11-24 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-24 14:34 --------- d-----w C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\skypePM
2007-11-24 03:45 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-21 11:56 12,254,415 ------w C:\avg7qt.dat
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 00:47 --------- d-----w C:\Program Files\Java
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2006-12-27 02:54 78,432 ----a-w C:\Program Files\MF
.

kevster16
12-29-2007, 06:51 PM
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 15:02]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 20:17]
"Power2GoExpress"="NA" []
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 12:22]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 06:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 04:01 C:\WINDOWS\RTHDCPL.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 20:44]
"nwiz"="nwiz.exe" [2005-09-18 10:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 14:00 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 14:00 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 07:13]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"CHotkey"="zHotkey.exe" [2004-12-08 19:57 C:\WINDOWS\zHotkey.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-14 11:31]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 10:15]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-22 13:50]

C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-25 15:46:19]
PowerReg Scheduler V3.exe [2006-12-18 22:15:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-DC3E0B8F38^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-DC3E0B8F38^Start Menu^Programs^Startup^RollerCoaster Tycoon 3_ Wild Registration.lnk]
path=C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Start Menu\Programs\Startup\RollerCoaster Tycoon 3_ Wild Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3_ Wild Registration.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 21:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-12-29 21:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 17:39:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 17:39:40
C:\ComboFix2.txt ... 2007-12-28 22:27
C:\ComboFix3.txt ... 2007-12-28 12:43
.
2007-12-28 12:45:21 --- E O F ---

Budfred
12-29-2007, 09:23 PM
You left off part of the log, but I will assume that things are working okay and declare this a done deal... Here is my standard prevention speech:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the "Critical Updates" for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy (http://www.safer-networking.org/en/download)
A tutorial on using Spybot to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/tutorials/tutorial43.html). Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here (http://www.bleepingcomputer.com/tutorials/tutorial49.html).

SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html)
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here (http://www.bleepingcomputer.com/tutorials/tutorial50.html).

If you use Internet Explorer, it is a good idea to use IE-Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here (http://www.mozilla.org/products/firefox/)
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place (http://forums.spywareinfo.com/index.php?showtopic=60955)

Hopefully these steps will help to keep you error-free. :)

awaj
12-29-2007, 10:15 PM
Hey Budfred, I talked to kevster16 earlier today via msn, he told me that he was having a problem with media center, not being able to detect .NET Framework, even though automatic updates was on. Would that problem be fixed too? I theorize that it is malware that is causing the problem, but I never had a problem like that.

kevster16
12-29-2007, 11:13 PM
^Yeah, I've been asking that like 2 times, but our good friend Fred doesn't seem to answer regarding this problem.

And once again, Fred buddy, thanks for all your help. :)

Budfred
12-30-2007, 12:15 AM
^Yeah, I've been asking that like 2 times, but our good friend Fred doesn't seem to answer regarding this problem.

And once again, Fred buddy, thanks for all your help. :)

Well, 16 ster kev, it would be strangely more likely if you asked the question in a clear way and used a modicum of respect in the process... Also, in case you didn't notice, I have been really focused on trying to clean up the malware, not trying to resolve other issues... I suggest that you start another thread to ask about this issue and that you explain it clearly and in a way that shows some respect to the people you are asking for help...