For the last few days I have been experiencing problems with a virus. I have a blinking red triangle in my system tray that leads to pop-ups such as: Drive Cleaner, Error Safe, Privacy Protector, Spyware &Malware Protector.

I have used Norton Anti-Virus, XoftSE, SpyNoMOre, NoAdware, Malware Bot, and Registry Fix. Nothing will remove this!!!

I have a hjt log file if someone is willing to view it! Again, Please help!

Post your hjt log please.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:24:33 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Eric King\My Documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: msdns - {2568C402-C2D6-4E66-8BF8-3FA099DFDE44} - C:\WINDOWS\msdns.dll
O21 - SSODL: iedns - {C5FAD1E0-E992-43AF-B784-A62B5457A531} - C:\WINDOWS\iedns.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12575 bytes

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

SmitFraudFix v2.179

Scan done at 19:34:27.51, Thu 05/10/2007
Run from C:\Documents and Settings\Eric King\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\IE7-WindowsXP-x86-enu.exe
c:\f991393a653e1a67f889\update\iesetup.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\f991393a653e1a67f889\update\update.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\iedns.dll FOUND !
C:\WINDOWS\msdns.dll FOUND !
C:\WINDOWS\msdn32.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eric King

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eric King\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ERICKI~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ERICKI~1\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\ERICKI~1\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\ERICKI~1\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1390 WLAN Mini-Card - Packet Scheduler Miniport
DNS Server Search Order: 72.240.13.6
DNS Server Search Order: 72.240.13.5
DNS Server Search Order: 72.240.1.205

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A6F5B93-A483-4CB2-8A92-15CFAF5D8818}: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A6F5B93-A483-4CB2-8A92-15CFAF5D8818}: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A6F5B93-A483-4CB2-8A92-15CFAF5D8818}: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces.

Here is my log file for the smitfraud cleaning process. i am working on the combofix downlaod as we speak.

SmitFraudFix v2.179

Scan done at 20:02:30.75, Thu 05/10/2007
Run from C:\Documents and Settings\Eric King\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\iedns.dll Deleted
C:\WINDOWS\msdns.dll Deleted
C:\WINDOWS\msdn32.dll Deleted
C:\DOCUME~1\ERICKI~1\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\ERICKI~1\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\ERICKI~1\Desktop\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A6F5B93-A483-4CB2-8A92-15CFAF5D8818}: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A6F5B93-A483-4CB2-8A92-15CFAF5D8818}: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A6F5B93-A483-4CB2-8A92-15CFAF5D8818}: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=72.240.13.6 72.240.13.5 72.240.1.205

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Here is the log file from the ComboFix process.

"Eric King" - 2007-05-10 20:14:23 Service Pack 2
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\Eric King\Desktop\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 ))))))))))))))))))))))))))))))))))

2007-05-10 19:34 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-10 19:34 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-10 19:34 3,572 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-10 19:34 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-10 00:43 1,308,216 --a------ C:\Program Files\HiJackThis_v2.exe
2007-05-09 17:04 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-09 16:36 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-09 16:36 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-09 15:40 <DIR> d-------- C:\WINDOWS\setup.pss
2007-05-09 14:48 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-05-09 12:45 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-05-09 12:23 <DIR> d-------- C:\WINDOWS\dell
2007-05-09 10:41 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-05-09 10:40 <DIR> d-------- C:\Program Files\SpyNoMore
2007-05-09 04:26 <DIR> d-------- C:\Program Files\MalwareBot
2007-05-09 03:48 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-05-09 03:14 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 21:51 <DIR> d-------- C:\Program Files\XoftSpySE
2007-05-08 18:17 <DIR> d-------- C:\WINDOWS\pss
2007-05-08 17:57 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-08 16:25 <DIR> d-------- C:\Program Files\CheckIt
2007-05-08 16:12 <DIR> d-------- C:\Program Files\Norton SystemWorks
2007-05-08 03:53 <DIR> d-------- C:\DOCUME~1\ERICKI~1\NSW2006
2007-05-07 15:45 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-05-07 01:58 81,924 --a------ C:\WINDOWS\system32\msorcl32.exe
2007-04-21 15:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-04-18 10:37 <DIR> d-------- C:\Downloads

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-10 23:54:42 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-10 05:03:26 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-09 20:49:20 34,380 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-09 18:49:05 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-05-09 14:28:46 -------- d-----w C:\Program Files\Yahoo!
2007-05-09 14:26:44 -------- d-----w C:\Program Files\MySpace
2007-05-09 06:27:22 -------- d-----w C:\Program Files\EarthLink Setup
2007-05-08 21:55:00 -------- d-----w C:\Program Files\Common Files\AOL
2007-05-08 21:54:44 -------- d-----w C:\DOCUME~1\ERICKI~1\APPLIC~1\AOL
2007-05-08 20:40:16 -------- d-----w C:\DOCUME~1\ERICKI~1\APPLIC~1\Symantec
2007-05-08 20:24:01 -------- d-----w C:\Program Files\Symantec
2007-05-08 20:23:59 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-08 20:23:59 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-28 22:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 22:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 22:51:48 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 22:51:42 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 22:51:36 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 22:51:32 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 22:51:26 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 22:51:20 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-28 07:31:41 -------- d-----w C:\DOCUME~1\ERICKI~1\APPLIC~1\MySpace
2007-03-22 05:24:15 -------- d-----w C:\Program Files\RegistryFix
2007-03-20 16:12:33 -------- d-----w C:\Program Files\Google
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-08 17:54:45 4,895 ----a-w C:\WINDOWS\mozver.dat
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"="C:\Program Files\Yahoo!\Common\yiesrvc.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"
"{9ECB9560-04F9-4bbc-943D-298DDF1699E1}"="C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll"
"{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}"="C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"="C:\Program Files\BAE\BAE.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"MalwareBot"="C:\\Program Files\\MalwareBot\\MalwareBot.exe -boot"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"SigmatelSysTrayApp"="stsystra.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Eric King.job
C:\WINDOWS\tasks\norton system scan.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-10 20:16:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-10 20:16:48
C:\ComboFix-quarantined-files.txt ... 2007-05-10 20:16

It appears that everything is fine now. AMAZING!!!

Could you please give me a good description of what happened to my computer and how you fixed it?

Also, in your opinion, what programs should I be running to protect my computer?

Thank you so much for your help!!!

Because your java is out of date.

Navigate to and delete these folders, if they want delete in normal reboot into safe mode and delete them:

C:\Documents and Settings\All Users\Application Date\Trymedia

C:\Program Files\BAE

If C:\Program Files\BAE does not exist do the following:

Open notepad (Start Menu > Run > Type notepad and press "ok".

Copy and paste everything into notepad between the x's making regedit4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it Fix.reg then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.

Reboot your computer once all Java components are removed

. Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

Then go through this cleanuo procedure.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti- Spyware

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode.

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG AntiSpywarw report and a new Hijack This log please.

AVG Anti-Spyware - Scan Report

+ Created at: 11:24:18 PM 5/10/2007

+ Scan result:

C:\Program Files\SpyNoMore\SNM.exe -> Adware.SpyNoMore : Cleaned.
C:\Program Files\SpyNoMore\snmIeGuard.dll -> Adware.SpyNoMore : Cleaned.
C:\WINDOWS\system32\msorcl32.exe -> Not-A-Virus.Hoax.Win32.Renos.fn : Cleaned.
:mozilla.10:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00000003.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00000003.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00000007.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00000007.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\RECYCLER\NPROTECT\00000001.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.110:C:\RECYCLER\NPROTECT\00000001.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.111:C:\RECYCLER\NPROTECT\00000003.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.111:C:\RECYCLER\NPROTECT\00000007.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000003.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000007.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.112:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.113:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.116:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.116:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.117:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.117:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.117:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.117:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.117:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.118:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.Real : Cleaned.
:mozilla.11:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.17:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.26:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.28:C:\RECYCLER\NPROTECT\00000003.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.29:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.34:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.6:C:\RECYCLER\NPROTECT\00000001.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.8:C:\RECYCLER\NPROTECT\00000007.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.9:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:C:\RECYCLER\NPROTECT\00000001.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00000003.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.50:C:\RECYCLER\NPROTECT\00000007.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00000009.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00000012.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00000015.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00000017.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00000019.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00001255.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00001260.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00001264.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00001267.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00001425.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.51:C:\RECYCLER\NPROTECT\00001430.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.55:C:\Documents and Settings\Eric King\Application Data\Mozilla\Firefox\Profiles\3p83hse8.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.55:C:\RECYCLER\NPROTECT\00001439.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00001442.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00001447.MOZ -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.56:C:\RECYCLER\NPROTECT\00001453.MOZ -> TrackingCookie.Webtrendslive : Cleaned.

::Report end

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:34:59 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Eric King\My Documents\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [MalwareBot] C:\Program Files\MalwareBot\MalwareBot.exe -boot
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12544 bytes

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of this item and press "fix checked":

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)

Exit Hijack This.

How is the computer operating?

Completed the fix with hjt.

This computer is operating just fine now!!

Am I safe enough now to perform sensitive online tasks such as banking, etc.?

Glad we could help.

I seem to be having the same problem (the same errors, same inability for other cleaners to remove).

Should I follow these steps on my own system, or should I (would I be able to?) post my logs on here and such?

Thx much - Crap Weasel