Dear Chris:
I appreciate your help so much. Can you please look at these logs and tell me what you think? I wasn't able to find all the files that you said to find (I'm hoping that means the combo fix got rid of some of them).
Thank you for looking at this for me:
ComboFix 08-04-22.5 - Owner 2008-04-24 21:49:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.455 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\madara\Application Data\ShoppingReport
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\madara\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\WINDOWS\system32\nsr1EB3.dll
C:\winlogon.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.
2008-04-24 12:25 . 2008-04-24 12:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-18 19:33 . 2008-04-18 19:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-18 19:33 . 2008-04-18 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-18 10:39 . 2008-04-18 10:39 80,121 --a------ C:\WINDOWS\system32\adzgalore-remove.exe
2008-04-18 10:39 . 2008-04-18 10:40 63,892 --a------ C:\WINDOWS\system32\{2e078b9e-52cf-da35-0006-e039d4be5175}.dll-uninst.exe
2008-04-16 08:34 . 2008-04-18 11:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 08:34 . 2008-04-16 08:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-08 07:19 . 2008-04-08 07:19 329,216 --a------ C:\WINDOWS\system32\{2e078b9e-52cf-da35-0006-e039d4be5175}.dll
2008-04-05 18:15 . 2008-04-05 18:15 <DIR> d-------- C:\Program Files\eSnips
2008-04-05 18:14 . 2008-04-05 18:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-05 13:51 . 2008-04-05 13:51 <DIR> d-------- C:\Documents and Settings\madara\Application Data\Apple Computer
2008-04-05 13:28 . 2008-04-05 14:50 <DIR> d-------- C:\Documents and Settings\madara\Application Data\LimeWire
2008-04-05 13:10 . 2006-07-01 00:30 <DIR> d-------- C:\Documents and Settings\madara\WINDOWS
2008-04-05 13:10 . 2007-11-09 23:13 <DIR> d-------- C:\Documents and Settings\madara\Application Data\Symantec
2008-04-05 13:10 . 2008-04-06 13:56 <DIR> d-------- C:\Documents and Settings\madara\Application Data\Spare Backup
2008-04-05 13:10 . 2007-11-09 23:11 <DIR> d-------- C:\Documents and Settings\madara\Application Data\SampleView
2008-04-05 13:10 . 2008-04-06 22:08 <DIR> d-------- C:\Documents and Settings\madara
2008-04-05 13:10 . 2008-04-24 21:49 1,024 --ah----- C:\Documents and Settings\madara\ntuser.dat.LOG
2008-04-04 19:10 . 2008-04-04 19:10 <DIR> d-------- C:\Program Files\Photodex Presenter
2008-04-04 19:10 . 2008-04-04 19:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Netscape
2008-04-01 21:37 . 2008-04-01 21:37 86 --a------ C:\WINDOWS\cdplayer.ini
2008-03-31 14:08 . 2008-03-31 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-29 12:21 . 2008-03-29 12:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 13:00 . 2008-03-30 16:28 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-03-27 00:03 . 2008-03-27 00:03 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-27 00:03 . 2008-03-27 00:03 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-03-27 00:03 . 2008-03-27 00:03 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-03-27 00:03 . 2008-03-27 00:03 27 --a------ C:\WINDOWS\BRPP2KA.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 02:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-25 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-24 22:38 2,578 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-04-24 20:55 --------- d-----w C:\Program Files\DocQscribe
2008-04-24 16:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Spare Backup
2008-04-18 15:49 --------- d-----w C:\Program Files\Google
2008-04-18 15:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-09 08:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-23 13:32 --------- d-----w C:\Program Files\QuickTime
2008-03-23 13:31 --------- d-----w C:\Program Files\Apple Software Update
2008-03-23 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-23 13:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-22 02:06 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-22 02:05 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-22 02:05 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-22 02:05 --------- d-----w C:\Program Files\Real
2008-03-22 02:05 --------- d-----w C:\Program Files\Common Files\Real
2008-03-20 02:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 16:32 --------- d-----w C:\Program Files\OneStepSearch
2008-03-17 16:27 --------- d-----w C:\Program Files\Yahoo!
2008-03-17 16:27 --------- d-----w C:\Program Files\GamingSquared
2008-03-17 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamingSquared
2008-03-16 09:45 --------- d-----w C:\Program Files\NCH Software
2008-03-16 09:44 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-15 05:04 --------- d-----w C:\Program Files\WiFiConnector
2008-03-15 01:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-03-15 01:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-03-15 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-03-14 07:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-11 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\DocQscribe
2008-03-11 18:24 --------- d-----w C:\Program Files\Common Files\Philips Speech Shared
2008-03-10 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-10 01:37 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-10 01:33 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-10 01:33 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-10 01:33 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-10 01:33 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-10 01:33 --------- d-----w C:\Program Files\Symantec
2008-03-09 22:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-03-09 20:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
2008-03-09 17:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-07 02:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 02:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-10 04:36 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 23:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-09 20:33 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{742db8cf-0363-25ef-d935-2c798ca84003}]
2008-04-08 07:19 329216 --a------ C:\WINDOWS\system32\{2e078b9e-52cf-da35-0006-e039d4be5175}.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{971F630E-AD68-4d6e-B0C3-1C627AAC80F1}]
2008-03-03 18:26 635392 --a------ C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 23:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 23:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 19:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 02:35 7634944]
"nwiz"="nwiz.exe" [2006-10-31 02:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 02:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 02:20 16844800 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 01:22 1826816 C:\WINDOWS\SkyTel.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 18:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 15:22 58928]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 13:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 00:53 714608]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 19:04 2348584]
"Spare Backup"="C:\Program Files\Spare Backup\SpareBackup.exe" [2007-07-13 19:19 5252936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [2008-03-03 18:26 1215664]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-21 21:05 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"ClientGW"="" []
"eSnips"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-11-09 23:14:13 2348584]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-15 00:04:41 1073152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.smcelp32"= smcelp32.acm
"pspctrlc"= pspusbct.dll
"pspctrld"= pspveccomm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\NVGTS.SYS [2007-08-08 22:11]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 21:10]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe" [2007-08-29 16:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5229887d-8f3f-11dc-8e1c-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 20:33:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 02:02:11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-24 21:51:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-24 21:52:37
ComboFix-quarantined-files.txt 2008-04-25 02:52:34
Pre-Run: 142,890,594,304 bytes free
Post-Run: 143,471,874,048 bytes free
210 --- E O F --- 2008-04-09 08:02:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:58 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gateway.com/g/startpage.html?Ch...DTP&M=W3644O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {742db8cf-0363-25ef-d935-2c798ca84003} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (Gaming)2 - {971F630E-AD68-4d6e-B0C3-1C627AAC80F1} - C:\Program Files\GamingSquared\Gaming2\G2IE_v1042.dll
O2 - BHO: (no name) - {994B5FB4-0103-44A6-B6B3-C73572B362BC} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) -
http://www.photodex.com/pxplay.cabO16 - DPF: {D9E4E21E-60E0-11DA-91EB-00123F33E209} -
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8550 bytes
Here is my log (I hope you can understand it!)
