Search Problem!!!


Novum
05-18-2009, 10:23 AM
Every time I google something, any of the links get redirected to some smartbizsearch URL. I ran Malwarebytes several times and it did delete many problems, but not this one. Hopefully someone here can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:17 AM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Clear History\ClearHistory.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - C:\Program Files\Video AX Object\bpvol.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll (file missing)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ayomzeurvg] c:\windows\system32\ayomzeurvg.exe -start
O4 - HKLM\..\Run: [dflcgy] c:\windows\system32\dflcgy.exe -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Wwuo] C:\Documents and Settings\Owner\Application Data\rsae.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dflcgy] c:\windows\system32\dflcgy.exe -start
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKCU\..\Run: [Webcam Concepts] "C:\Program Files\Webcam Concepts\webcamconcepts.exe" -silent
O4 - HKCU\..\Run: [noskrnl] C:\WINDOWS\noskrnl.exe
O4 - HKCU\..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe -hidden
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')

Novum
05-18-2009, 10:23 AM
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A950FDD6-B8E2-4AF2-9450-829CB6D9D6F7}: NameServer = 213.27.250.7
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12854 bytes

The rest that wouldn't fit.

classicsoftware
05-18-2009, 10:26 AM
Please post it all, no matter how many posts it takes, and post the MBAM logs.

Novum
05-18-2009, 10:28 AM
OK, I'll put the MBAM logs, but that is all HJT gave me.

Novum
05-18-2009, 10:29 AM
MBAM Log from last scan

Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 5.1.2600 Service Pack 3

5/16/2009 3:41:49 AM
mbam-log-2009-05-16 (03-41-49).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 270612
Time elapsed: 48 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.

classicsoftware
05-18-2009, 09:40 PM
You still have a mess here. Please tell me where you are located. City/State/Country.

Novum
05-19-2009, 08:13 AM
Little Rock, Arkansas, US

classicsoftware
05-19-2009, 12:42 PM
Please download ComboFix by sUBs from HERE (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or HERE (http://subs.geekstogo.com/ComboFix.exe)
You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Novum
05-22-2009, 10:21 AM
ComboFix 09-05-21.03 - Owner 05/22/2009 8:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.580 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Install.dat
c:\windows\system32\drivers\gxvxcdoevrnskisdxmlpwbpfqrdlyfuirwxwa.sys
c:\windows\system32\drivers\gxvxcrtilrmltivmqpuptxmkkdasxhwroblhy.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcqgrrbvitudjnkoodawahfklkijxujlax.dll
c:\windows\TEMP\slu17cd.tmp\IDS9xx86.dll
c:\windows\TEMP\slu17cd.tmp\IDSviA64.sys
c:\windows\TEMP\slu17cd.tmp\IDSvix86.sys
c:\windows\TEMP\slu17cd.tmp\IDSxpx86.dll
c:\windows\TEMP\slu17cd.tmp\symidsco.sys
c:\windows\TEMP\slu17cd.tmp\SymIDSI.dll
c:\windows\TEMP\slu1a37.tmp\CCERASER.DLL
c:\windows\TEMP\slu1a37.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu1a37.tmp\EECTRL.SYS
c:\windows\TEMP\slu1a37.tmp\ERASER.SYS
c:\windows\TEMP\slu1a37.tmp\NAVENG.SYS
c:\windows\TEMP\slu1a37.tmp\NAVENG32.DLL
c:\windows\TEMP\slu1a37.tmp\NAVEX15.SYS
c:\windows\TEMP\slu1a37.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu1a65.tmp\CCERASER.DLL
c:\windows\TEMP\slu1a65.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu1a65.tmp\EECTRL.SYS
c:\windows\TEMP\slu1a65.tmp\ERASER.SYS
c:\windows\TEMP\slu1a65.tmp\NAVENG.SYS
c:\windows\TEMP\slu1a65.tmp\NAVENG32.DLL
c:\windows\TEMP\slu1a65.tmp\NAVEX15.SYS
c:\windows\TEMP\slu1a65.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu1df4.tmp\CCERASER.DLL
c:\windows\TEMP\slu1df4.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu1df4.tmp\EECTRL.SYS
c:\windows\TEMP\slu1df4.tmp\ERASER.SYS
c:\windows\TEMP\slu1df4.tmp\NAVENG.SYS
c:\windows\TEMP\slu1df4.tmp\NAVENG32.DLL
c:\windows\TEMP\slu1df4.tmp\NAVEX15.SYS
c:\windows\TEMP\slu1df4.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu1e10.tmp\IDS9xx86.dll
c:\windows\TEMP\slu1e10.tmp\IDSviA64.sys
c:\windows\TEMP\slu1e10.tmp\IDSvix86.sys
c:\windows\TEMP\slu1e10.tmp\IDSxpx86.dll
c:\windows\TEMP\slu1e10.tmp\symidsco.sys
c:\windows\TEMP\slu1e10.tmp\SymIDSI.dll
c:\windows\TEMP\slu21e7.tmp\DEFINST.EXE
c:\windows\TEMP\slu21e7.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu21e7.tmp\NAVENG.SYS
c:\windows\TEMP\slu21e7.tmp\NAVENG32.DLL
c:\windows\TEMP\slu21e7.tmp\NAVEX15.SYS
c:\windows\TEMP\slu21e7.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu249a.tmp\CCERASER.DLL
c:\windows\TEMP\slu249a.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu249a.tmp\EECTRL.SYS

Novum
05-22-2009, 10:21 AM
c:\windows\TEMP\slu249a.tmp\ERASER.SYS
c:\windows\TEMP\slu249a.tmp\NAVENG.SYS
c:\windows\TEMP\slu249a.tmp\NAVENG32.DLL
c:\windows\TEMP\slu249a.tmp\NAVEX15.SYS
c:\windows\TEMP\slu249a.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu24ba.tmp\CCERASER.DLL
c:\windows\TEMP\slu24ba.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu24ba.tmp\EECTRL.SYS
c:\windows\TEMP\slu24ba.tmp\ERASER.SYS
c:\windows\TEMP\slu24ba.tmp\NAVENG.SYS
c:\windows\TEMP\slu24ba.tmp\NAVENG32.DLL
c:\windows\TEMP\slu24ba.tmp\NAVEX15.SYS
c:\windows\TEMP\slu24ba.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu27bc.tmp\DEFINST.EXE
c:\windows\TEMP\slu27bc.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu27bc.tmp\NAVENG.SYS
c:\windows\TEMP\slu27bc.tmp\NAVENG32.DLL
c:\windows\TEMP\slu27bc.tmp\NAVEX15.SYS
c:\windows\TEMP\slu27bc.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu2922.tmp\CCERASER.DLL
c:\windows\TEMP\slu2922.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu2922.tmp\EECTRL.SYS
c:\windows\TEMP\slu2922.tmp\ERASER.SYS
c:\windows\TEMP\slu2922.tmp\NAVENG.SYS
c:\windows\TEMP\slu2922.tmp\NAVENG32.DLL
c:\windows\TEMP\slu2922.tmp\NAVEX15.SYS
c:\windows\TEMP\slu2922.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu29d9.tmp\CCERASER.DLL
c:\windows\TEMP\slu29d9.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu29d9.tmp\EECTRL.SYS
c:\windows\TEMP\slu29d9.tmp\ERASER.SYS
c:\windows\TEMP\slu29d9.tmp\NAVENG.SYS
c:\windows\TEMP\slu29d9.tmp\NAVENG32.DLL
c:\windows\TEMP\slu29d9.tmp\NAVEX15.SYS
c:\windows\TEMP\slu29d9.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu2a1a.tmp\CCERASER.DLL
c:\windows\TEMP\slu2a1a.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu2a1a.tmp\EECTRL.SYS
c:\windows\TEMP\slu2a1a.tmp\ERASER.SYS
c:\windows\TEMP\slu2a1a.tmp\NAVENG.SYS
c:\windows\TEMP\slu2a1a.tmp\NAVENG32.DLL
c:\windows\TEMP\slu2a1a.tmp\NAVEX15.SYS
c:\windows\TEMP\slu2a1a.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu302a.tmp\CCERASER.DLL
c:\windows\TEMP\slu302a.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu302a.tmp\EECTRL.SYS
c:\windows\TEMP\slu302a.tmp\ERASER.SYS
c:\windows\TEMP\slu302a.tmp\NAVENG.SYS
c:\windows\TEMP\slu302a.tmp\NAVENG32.DLL
c:\windows\TEMP\slu302a.tmp\NAVEX15.SYS
c:\windows\TEMP\slu302a.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu3075.tmp\CCERASER.DLL
c:\windows\TEMP\slu3075.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu3075.tmp\EECTRL.SYS
c:\windows\TEMP\slu3075.tmp\ERASER.SYS
c:\windows\TEMP\slu3075.tmp\NAVENG.SYS
c:\windows\TEMP\slu3075.tmp\NAVENG32.DLL
c:\windows\TEMP\slu3075.tmp\NAVEX15.SYS
c:\windows\TEMP\slu3075.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu48ef.tmp\CCERASER.DLL
c:\windows\TEMP\slu48ef.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu48ef.tmp\EECTRL.SYS
c:\windows\TEMP\slu48ef.tmp\ERASER.SYS
c:\windows\TEMP\slu48ef.tmp\NAVENG.SYS
c:\windows\TEMP\slu48ef.tmp\NAVENG32.DLL
c:\windows\TEMP\slu48ef.tmp\NAVEX15.SYS
c:\windows\TEMP\slu48ef.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu4a28.tmp\CCERASER.DLL
c:\windows\TEMP\slu4a28.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu4a28.tmp\EECTRL.SYS
c:\windows\TEMP\slu4a28.tmp\ERASER.SYS
c:\windows\TEMP\slu4a28.tmp\NAVENG.SYS
c:\windows\TEMP\slu4a28.tmp\NAVENG32.DLL
c:\windows\TEMP\slu4a28.tmp\NAVEX15.SYS
c:\windows\TEMP\slu4a28.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu4f70.tmp\CCERASER.DLL
c:\windows\TEMP\slu4f70.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu4f70.tmp\EECTRL.SYS
c:\windows\TEMP\slu4f70.tmp\ERASER.SYS
c:\windows\TEMP\slu4f70.tmp\NAVENG.SYS
c:\windows\TEMP\slu4f70.tmp\NAVENG32.DLL
c:\windows\TEMP\slu4f70.tmp\NAVEX15.SYS
c:\windows\TEMP\slu4f70.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6204.tmp\CCERASER.DLL
c:\windows\TEMP\slu6204.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6204.tmp\EECTRL.SYS
c:\windows\TEMP\slu6204.tmp\ERASER.SYS
c:\windows\TEMP\slu6204.tmp\NAVENG.SYS
c:\windows\TEMP\slu6204.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6204.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6204.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu648a.tmp\CCERASER.DLL
c:\windows\TEMP\slu648a.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu648a.tmp\EECTRL.SYS
c:\windows\TEMP\slu648a.tmp\ERASER.SYS
c:\windows\TEMP\slu648a.tmp\NAVENG.SYS
c:\windows\TEMP\slu648a.tmp\NAVENG32.DLL
c:\windows\TEMP\slu648a.tmp\NAVEX15.SYS
c:\windows\TEMP\slu648a.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu654c.tmp\CCERASER.DLL
c:\windows\TEMP\slu654c.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu654c.tmp\EECTRL.SYS
c:\windows\TEMP\slu654c.tmp\ERASER.SYS
c:\windows\TEMP\slu654c.tmp\NAVENG.SYS
c:\windows\TEMP\slu654c.tmp\NAVENG32.DLL
c:\windows\TEMP\slu654c.tmp\NAVEX15.SYS
c:\windows\TEMP\slu654c.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6aba.tmp\CCERASER.DLL
c:\windows\TEMP\slu6aba.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6aba.tmp\EECTRL.SYS
c:\windows\TEMP\slu6aba.tmp\ERASER.SYS
c:\windows\TEMP\slu6aba.tmp\NAVENG.SYS
c:\windows\TEMP\slu6aba.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6aba.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6aba.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6ade.tmp\CCERASER.DLL
c:\windows\TEMP\slu6ade.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6ade.tmp\EECTRL.SYS
c:\windows\TEMP\slu6ade.tmp\ERASER.SYS
c:\windows\TEMP\slu6ade.tmp\NAVENG.SYS
c:\windows\TEMP\slu6ade.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6ade.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6ade.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6b09.tmp\CCERASER.DLL
c:\windows\TEMP\slu6b09.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6b09.tmp\EECTRL.SYS
c:\windows\TEMP\slu6b09.tmp\ERASER.SYS
c:\windows\TEMP\slu6b09.tmp\NAVENG.SYS
c:\windows\TEMP\slu6b09.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6b09.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6b09.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6b9c.tmp\CCERASER.DLL
c:\windows\TEMP\slu6b9c.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6b9c.tmp\EECTRL.SYS
c:\windows\TEMP\slu6b9c.tmp\ERASER.SYS
c:\windows\TEMP\slu6b9c.tmp\NAVENG.SYS
c:\windows\TEMP\slu6b9c.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6b9c.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6b9c.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6c93.tmp\CCERASER.DLL
c:\windows\TEMP\slu6c93.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6c93.tmp\EECTRL.SYS
c:\windows\TEMP\slu6c93.tmp\ERASER.SYS
c:\windows\TEMP\slu6c93.tmp\NAVENG.SYS
c:\windows\TEMP\slu6c93.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6c93.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6c93.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu6fbe.tmp\CCERASER.DLL
c:\windows\TEMP\slu6fbe.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu6fbe.tmp\EECTRL.SYS
c:\windows\TEMP\slu6fbe.tmp\ERASER.SYS
c:\windows\TEMP\slu6fbe.tmp\NAVENG.SYS
c:\windows\TEMP\slu6fbe.tmp\NAVENG32.DLL
c:\windows\TEMP\slu6fbe.tmp\NAVEX15.SYS
c:\windows\TEMP\slu6fbe.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu789f.tmp\CCERASER.DLL
c:\windows\TEMP\slu789f.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu789f.tmp\EECTRL.SYS
c:\windows\TEMP\slu789f.tmp\ERASER.SYS
c:\windows\TEMP\slu789f.tmp\NAVENG.SYS
c:\windows\TEMP\slu789f.tmp\NAVENG32.DLL
c:\windows\TEMP\slu789f.tmp\NAVEX15.SYS
c:\windows\TEMP\slu789f.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu7967.tmp\CCERASER.DLL
c:\windows\TEMP\slu7967.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu7967.tmp\EECTRL.SYS
c:\windows\TEMP\slu7967.tmp\ERASER.SYS
c:\windows\TEMP\slu7967.tmp\NAVENG.SYS
c:\windows\TEMP\slu7967.tmp\NAVENG32.DLL
c:\windows\TEMP\slu7967.tmp\NAVEX15.SYS
c:\windows\TEMP\slu7967.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu7995.tmp\CCERASER.DLL
c:\windows\TEMP\slu7995.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu7995.tmp\EECTRL.SYS
c:\windows\TEMP\slu7995.tmp\ERASER.SYS
c:\windows\TEMP\slu7995.tmp\NAVENG.SYS
c:\windows\TEMP\slu7995.tmp\NAVENG32.DLL
c:\windows\TEMP\slu7995.tmp\NAVEX15.SYS
c:\windows\TEMP\slu7995.tmp\NAVEX32A.DLL
c:\windows\TEMP\slu7bd.tmp\CCERASER.DLL
c:\windows\TEMP\slu7bd.tmp\ECMSVR32.DLL
c:\windows\TEMP\slu7bd.tmp\EECTRL.SYS
c:\windows\TEMP\slu7bd.tmp\ERASER.SYS
c:\windows\TEMP\slu7bd.tmp\NAVENG.SYS
c:\windows\TEMP\slu7bd.tmp\NAVENG32.DLL
c:\windows\TEMP\slu7bd.tmp\NAVEX15.SYS
c:\windows\TEMP\slu7bd.tmp\NAVEX32A.DLL

Novum
05-22-2009, 10:23 AM
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_Driver
-------\Service_symavc32


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-20 19:13 . 2009-05-21 14:42 -------- d-----w c:\program files\Mids Hero Designer
2009-05-19 14:12 . 2009-05-11 13:51 2051864 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-19 14:12 . 2009-05-11 13:51 354584 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-19 14:12 . 2009-05-11 13:51 424472 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-19 14:12 . 2009-05-11 13:51 177432 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-19 14:12 . 2009-05-11 13:51 312088 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-19 14:12 . 2009-05-11 13:51 3288344 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-19 14:12 . 2009-05-11 13:51 486168 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-19 14:10 . 2009-05-11 13:50 1437464 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-19 14:10 . 2009-05-11 13:50 755992 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-05-18 14:16 . 2009-05-18 14:16 -------- d-----w c:\program files\Trend Micro
2009-05-18 14:09 . 2009-05-18 14:15 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-13 22:02 . 2009-05-13 22:02 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\NCSoft
2009-05-13 19:38 . 2009-05-22 13:01 -------- d-----w c:\program files\City of Heroes
2009-05-13 02:30 . 2009-05-11 13:51 3399960 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-13 02:30 . 2009-05-11 13:51 2302232 ----a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-11 17:43 . 2009-05-13 19:31 -------- d-----w c:\program files\EA GAMES
2009-05-10 15:58 . 2009-05-10 15:58 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-10 15:56 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-10 15:56 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 15:56 . 2009-05-10 15:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-10 15:56 . 2009-05-10 15:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-10 14:47 . 2009-05-10 14:47 -------- d-----w c:\program files\Bonjour
2009-05-10 14:31 . 2009-05-10 14:31 -------- d-----w c:\program files\resources
2009-05-10 14:31 . 2009-05-10 14:31 -------- d-----w c:\program files\redist
2009-05-10 14:30 . 2009-05-10 14:31 -------- d-----w c:\program files\payloads
2009-05-10 14:30 . 2009-05-10 14:30 -------- d-----w c:\program files\deployment
2009-05-10 14:30 . 2009-05-10 14:30 -------- d-----w c:\program files\Crack
2009-05-10 14:27 . 2009-05-20 14:24 -------- d-----w c:\program files\MagicISO
2009-05-05 12:00 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-05 12:00 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-05 12:00 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-05 12:00 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-05 12:00 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-05 12:00 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-05 12:00 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-05 12:00 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-05 12:00 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-05 12:00 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 13:59 . 2008-10-18 13:32 -------- d-----w c:\program files\DNA
2009-05-22 13:59 . 2008-10-18 13:32 -------- d-----w c:\documents and settings\Owner\Application Data\DNA
2009-05-22 13:29 . 2006-10-08 03:19 -------- d-----w c:\documents and settings\Owner\Application Data\BitTorrent
2009-05-18 14:15 . 2004-10-23 01:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-13 19:31 . 2004-10-22 22:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-11 13:51 . 2008-05-25 13:56 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-11 13:51 . 2008-05-25 13:56 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-11 13:51 . 2008-04-05 00:31 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-11 13:51 . 2008-05-25 13:56 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-10 14:47 . 2005-11-13 23:59 -------- d-----w c:\program files\Common Files\Adobe
2009-05-09 16:08 . 2008-05-25 13:56 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-03 16:49 . 2008-09-18 16:34 -------- d-----w c:\program files\Celtx
2009-04-08 13:31 . 2006-10-28 04:47 -------- d-----w c:\program files\Java
2009-04-08 13:29 . 2009-04-08 13:29 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-07 13:49 . 2009-03-05 14:19 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-03-24 13:08 . 2009-03-24 13:08 57344 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-69950ec9-n\Decora-SSE.dll
2009-03-24 13:08 . 2009-03-24 13:08 24064 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7bf61411-n\Decora-D3D.dll
2009-03-24 13:08 . 2009-03-24 13:08 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-65b25e92-n\msvcp71.dll
2009-03-24 13:08 . 2009-03-24 13:08 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-65b25e92-n\jmc.dll
2009-03-24 13:08 . 2009-03-24 13:08 348160 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-65b25e92-n\msvcr71.dll
2009-03-21 01:08 . 2005-10-03 02:41 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-10 12:32 . 2009-03-10 12:32 57344 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-2c6f1f75-n\Decora-SSE.dll
2009-03-10 12:32 . 2009-03-10 12:32 315392 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-4cc0c20f-n\jogl.dll
2009-03-10 12:32 . 2009-03-10 12:32 24064 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-28949f33-n\Decora-D3D.dll
2009-03-10 12:32 . 2009-03-10 12:32 20480 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-4cc0c20f-n\jogl_awt.dll
2009-03-10 12:32 . 2009-03-10 12:32 114688 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-4cc0c20f-n\jogl_cg.dll
2009-03-10 12:32 . 2009-03-10 12:32 20480 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-3cacfe32-n\gluegen-rt.dll
2009-03-10 12:32 . 2009-03-10 12:32 503808 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-130350f1-n\msvcp71.dll
2009-03-10 12:32 . 2009-03-10 12:32 499712 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-130350f1-n\jmc.dll
2009-03-10 12:32 . 2009-03-10 12:32 348160 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-130350f1-n\msvcr71.dll
2009-03-10 12:30 . 2009-03-10 12:30 152576 -c--a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 10:19 . 2008-11-24 23:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-12-08 00:37 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-21 16:50 . 2009-02-21 16:50 4096 ----a-w c:\windows\system32\drivers\nocashio.sys
2008-03-25 03:14 . 2008-03-25 03:14 511690 ----a-w c:\program files\WinBootstrapper1.cab
2008-03-25 03:12 . 2008-03-25 03:12 1823744 ----a-w c:\program files\WinBootstrapper.msi
2008-03-25 03:02 . 2008-03-25 03:02 495 ----a-w c:\program files\Info.txt
2006-09-29 19:34 . 2006-09-29 19:34 8 --sh--r c:\windows\system32\6745941848.sys

Novum
05-22-2009, 10:24 AM
2006-09-29 19:48 . 2006-09-29 19:34 2516 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ClearHistory"="c:\program files\Clear History\ClearHistory.exe" [2007-08-16 1201152]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2004-11-07 675840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"EnvyHFCPL"="c:\program files\Turtle Beach Catalina\EnMixCPL.exe" [2004-02-23 1757696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ptipbmf"="ptipbmf.dll" - c:\windows\system32\ptipbmf.dll [2003-06-20 118784]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-7-14 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-10-22 184320]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
myPrintMileage.lnk - c:\program files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe [2006-4-7 98304]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-2-14 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 13:51 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:IRC
"3783:TCP"= 3783:TCP:Voice Chat Port
"27900:TCP"= 27900:TCP:Master Server UDP Heartbeat
"28900:TCP"= 28900:TCP:Master Server List Request
"29900:TCP"= 29900:TCP:GP Connection Manager
"29901:TCP"= 29901:TCP:GP Search Manager
"13139:TCP"= 13139:TCP:Custom UDP Pings
"6515:TCP"= 6515:TCP:Dplay UDP
"6500:TCP"= 6500:TCP:Query Port
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

Novum
05-22-2009, 10:25 AM
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 7:46 AM 63352]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 10:49 AM 77312]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/25/2008 8:56 AM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/25/2008 8:56 AM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 9:45 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 9:45 AM 298776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/24/2008 1:04 PM 24652]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [12/6/2007 12:07 AM 390464]
S0 yinu;yinu;c:\windows\system32\drivers\medeykv.sys --> c:\windows\system32\drivers\medeykv.sys [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 gel90xne;gel90xne;\??\c:\docume~1\Owner\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\Owner\LOCALS~1\Temp\gel90xne.sys [?]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\HPZs2k12.sys [4/7/2006 6:00 PM 49944]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1FC80E00-41B0-4F74-BC16-2C83ED49CAC9} - c:\program files\Video AX Object\bpvol.dll
BHO-{43F7497C-7687-4DEA-A057-F21BD81BC896} - c:\windows\system32\msjava32.dll
HKCU-Run-Wwuo - c:\documents and settings\Owner\Application Data\rsae.exe
HKCU-Run-dflcgy - c:\windows\system32\dflcgy.exe
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 30\imc.exe
HKCU-Run-Webcam Concepts - c:\program files\Webcam Concepts\webcamconcepts.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ayomzeurvg - c:\windows\system32\ayomzeurvg.exe
HKLM-Run-dflcgy - c:\windows\system32\dflcgy.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {A950FDD6-B8E2-4AF2-9450-829CB6D9D6F7} = 213.27.250.7
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} - hxxp://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 09:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-57989841-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8C02A3ED-9CFC-CEDD-AD06-234DFBA2257F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaopophdnaponohmohpcknjhfnfaea"=hex:6a,61,64,67,70,6d,6b,68,6a,6b,69,66,64,63,
6c,61,65,6d,6d,61,00,f5
"naeomnmnoflmjgpggkaoedaialcc"=hex:6a,61,64,67,70,6d,6b,68,6a,6b,69,66,64,63,
6c,61,65,6d,6d,61,00,f5

[HKEY_USERS\S-1-5-21-57989841-583907252-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,26,67,b5,e8,e4,38,36,2e,b5,ad,44,8a,09,00,12,ad,ab,cd,26,3c,7e,cf,
d0,3f,08,fa,f5,cf,aa,58,5b,79,b6,28,f3,ff,9c,92,a2,7e,e9,69,15,93,b3,ed,f3,\
"??"=hex:08,c4,58,b4,05,d4,51,91,5b,4c,bc,0d,e9,dc,a1,e8

[HKEY_USERS\S-1-5-21-57989841-583907252-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a7,cb,d3,04,ab,bd,8f,8f,56,2f,2d,ee,d6,34,44,77,20,80,28,ef,0f,
ea,3c,dc,3a,f7,22,c8,15,90,30,08,78,9e,ca,61,26,be,ca,bd,ee,84,19,23,28,1a,\
"rkeysecu"=hex:ff,fa,e0,1b,51,ec,9a,83,9c,c0,37,98,d6,ec,6d,0c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1076)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\WinZip\WZQKPICK.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-22 9:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 14:07

Pre-Run: 103,005,159,424 bytes free
Post-Run: 102,965,673,984 bytes free

504

Novum
05-22-2009, 10:28 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:41 AM, on 5/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Clear History\ClearHistory.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe -hidden
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) - http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A950FDD6-B8E2-4AF2-9450-829CB6D9D6F7}: NameServer = 213.27.250.7
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

Novum
05-22-2009, 10:28 AM
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11554 bytes

classicsoftware
05-22-2009, 10:30 AM
Please give me a new HJT log and tell me how the system is running.

Novum
05-22-2009, 10:32 AM
By god I think the man is a genius. Not a single redirected link! I'm guessing my baby was in worse shape than I thought she was, guessing from the size of the first log?