Latest posts of: oubobcat
My PC Hell Forum
December 02, 2008, 01:06:02 PM
1  Windows XP Assistance / Hardware & Plug-in Equipment / problems after installing new motherboard on: August 21, 2007, 12:18:27 AM
I replaced my sister's motherboard on her Compaq with a replacement from HP.  The computer locks up 2 minutes after startup.  I tried a non-destructive system recovery.  The computer stayed on for a half hour to an hour while I reinstalled hardware and Office XP.  It then froze again and kept freezing within 2 minutes after startup.  Is there any command to reset all the devices?  Or am I just going to have to reformat the HDD completely?
2  Windows XP Assistance / Security-Virus/Spyware / Re: trojan-phishers on: May 25, 2007, 10:49:14 AM
Thanks for the help. I was actually able to use Webroot to get the phishers off of her computer, but there was still some adware that I could not get off. I decided not to take any chances and am just going to restore her computer. Thanks again for the help; I told her to contact her banks and the credit reporting agencies.
3  Windows XP Assistance / Security-Virus/Spyware / trojan-phishers on: May 23, 2007, 11:39:07 AM
Hey guys, I need your help. I'm trying to help out a lady friend with her computer. It's got two trojan-phishers, nethelper & snifula, which I found during a scan by a Webroot system analyzer I got from my buddy at Staples. I've already run her Norton Internet Security in safe mode, I ran SUPERAntiSpyware, and I ran Webroot AntiSpyware w/ Antivirus with her hard drive as a secondary drive on my computer, which did get rid of a trojan I didn't know about.

This is her HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:33 AM, on 5/23/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lesley King\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: MSDNS System - {27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF} - C:\WINDOWS\tlhelper.dll
O2 - BHO: (no name) - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {bfc0caed-ad26-469c-923d-9bfa278b0333} - C:\WINDOWS\System32\irctor.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\LESLEY~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk870YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kennedy King\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130915568811
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173712526522
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: irctor - irctor.dll (file missing)
O20 - Winlogon Notify: kbdla3 - kbdla3.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: msdns - {6E3B3441-E6B8-42D0-8A4C-B32CCD937FA3} - C:\WINDOWS\msdns.dll
O21 - SSODL: iedns - {ECDD8580-C3E2-4BB1-AE1F-6887AA81BDFB} - C:\WINDOWS\iedns.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

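As an added example (not part of the poster's log, of HijackThis, or of any reply in this thread), the following Python script applies the checks a helper would run over the entries above: registrations that point at a file that no longer exists ("(no file)" / "(file missing)"), DLLs hooked into the shell or browser (O2 BHO, O20 Winlogon Notify, O21 SSODL) that live directly in the Windows root directory rather than System32 or Program Files, a browser start page pointing at a host outside an allowlist, and BHOs registered without a display name. The sample input is a handful of lines copied from the log above; the start-page allowlist is an assumption of this example and would be tuned to the OEM default in practice. The rules only rank entries for a human to look at; a hit is not by itself a verdict that the entry is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis log posted above,
# trimmed to the entry types the triage rules look at.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/hp/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSDNS System - {27A7FB75-FB40-4f94-BCF6-4945BCC8BAAF} - C:\WINDOWS\tlhelper.dll
O2 - BHO: (no name) - {60FD4F58-4748-48f6-B661-5FCE71B0D907} - (no file)
O2 - BHO: (no name) - {bfc0caed-ad26-469c-923d-9bfa278b0333} - C:\WINDOWS\System32\irctor.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: irctor - irctor.dll (file missing)
O20 - Winlogon Notify: kbdla3 - kbdla3.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msdns - {6E3B3441-E6B8-42D0-8A4C-B32CCD937FA3} - C:\WINDOWS\msdns.dll
O21 - SSODL: iedns - {ECDD8580-C3E2-4BB1-AE1F-6887AA81BDFB} - C:\WINDOWS\iedns.dll
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
"""

# Hosts accepted as a browser start page without comment. This allowlist is an
# assumption for the example; real triage uses the OEM default and the user's
# own stated preference.
START_PAGE_ALLOW = ("microsoft.com", "msn.com", "hp.com", "compaq.com")


@dataclass(frozen=True)
class Finding:
    entry: str      # HijackThis entry type, e.g. "O20"
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str       # the log line that triggered the rule


_LINE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.+)$")


def _target(body: str) -> str:
    # The object an entry points at is the last " - " separated field.
    return body.rsplit(" - ", 1)[-1].strip()


def _dll_in_windows_root(target: str) -> bool:
    # Drop a trailing "(file missing)" annotation before treating it as a path.
    p = PureWindowsPath(target.split(" (")[0])
    return str(p.parent).lower() == r"c:\windows" and p.suffix.lower() == ".dll"


def triage_line(line: str) -> list[Finding]:
    m = _LINE.match(line.strip())
    if not m:
        return []
    etype, body = m.group("type"), m.group("body")
    target = _target(body)
    out: list[Finding] = []
    if target.endswith("(no file)") or target.endswith("(file missing)"):
        out.append(Finding(etype, "medium",
                           "registration points at a file that no longer exists "
                           "(orphaned or partially removed component)", line))
    if etype in ("O2", "O20", "O21") and _dll_in_windows_root(target):
        out.append(Finding(etype, "high",
                           "DLL loaded into the shell or browser from the Windows root "
                           "directory, where system DLLs do not normally live", line))
    if etype in ("R0", "R1") and "Start Page" in body:
        url = body.split("=", 1)[1].strip()
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if not any(host == a or host.endswith("." + a) for a in START_PAGE_ALLOW):
            out.append(Finding(etype, "medium",
                               f"browser start page set to unrecognised host {host}", line))
    if etype == "O2" and body.startswith("BHO: (no name)"):
        out.append(Finding(etype, "low", "BHO registered without a display name", line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run every rule over every line; highest severity first, stable within a level."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: rank[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry:4} {f.reason}\n         {f.line}")
```

Run it as-is to see the ranked list for the sample, or feed a whole log with `triage(open("hijackthis.log").read())`. The "DLL in Windows root" rule is deliberately narrow: it checks the parent directory exactly, so a DLL in System32 (WgaLogon.dll above) is not flagged, while one registered as a shell or browser extension from C:\WINDOWS itself is.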
4  Windows XP Assistance / Security-Virus/Spyware / Re: friend's backdoor trojan on: March 02, 2007, 05:51:32 PM
Services: (89)
Service Name: .NET Runtime Optimization Service v2.0.50727_X86 [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Service Name: Alerter [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Application Layer Gateway Service [Stopped],
Path: C:\WINDOWS\System32\alg.exe
Service Name: Application Management [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: ASP.NET State Service [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Service Name: Automatic LiveUpdate Scheduler [Running],
Path: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
Service Name: Automatic Updates [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Background Intelligent Transfer Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: ClipBook [Stopped],
Path: C:\WINDOWS\system32\clipsrv.exe
Service Name: COM+ Event System [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: COM+ System Application [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: Computer Browser [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Cryptographic Services [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: DCOM Server Process Launcher [Running],
Path: C:\WINDOWS\system32\svchost -k DcomLaunch
Service Name: DHCP Client [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Distributed Link Tracking Client [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Distributed Transaction Coordinator [Stopped],
Path: C:\WINDOWS\System32\msdtc.exe
Service Name: DNS Client [Running],
Path: C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Name: Error Reporting Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Event Log [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Fast User Switching Compatibility [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Help and Support [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: HTTP SSL [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Service Name: Human Interface Device Access [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: IMAPI CD-Burning COM Service [Stopped],
Path: C:\WINDOWS\System32\imapi.exe
Service Name: Indexing Service [Stopped],
Path: C:\WINDOWS\system32\cisvc.exe
Service Name: IPSEC Services [Running],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: LiveUpdate [Stopped],
Path: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Service Name: Logical Disk Manager [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Logical Disk Manager Administrative Service [Stopped],
Path: C:\WINDOWS\System32\dmadmin.exe /com
Service Name: Messenger [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: MS Software Shadow Copy Provider [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{885BF636-8660-44E1-A51C-FC8196E48F04}
Service Name: Net Logon [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: NetMeeting Remote Desktop Sharing [Stopped],
Path: C:\WINDOWS\System32\mnmsrvc.exe
Service Name: Network Connections [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network DDE [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network DDE DSDM [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network Location Awareness (NLA) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network Provisioning Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: NT LM Security Support Provider [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Performance Logs and Alerts [Stopped],
Path: C:\WINDOWS\system32\smlogsvc.exe
Service Name: Plug and Play [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Pml Driver HPZ12 [Stopped],
Path: C:\WINDOWS\System32\HPZipm12.exe
Service Name: Portable Media Serial Number Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Print Spooler [Running],
Path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Protected Storage [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: QoS RSVP [Stopped],
Path: C:\WINDOWS\System32\rsvp.exe
Service Name: Remote Access Auto Connection Manager [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Access Connection Manager [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Desktop Help Session Manager [Stopped],
Path: C:\WINDOWS\system32\sessmgr.exe
Service Name: Remote Procedure Call (RPC) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Remote Procedure Call (RPC) Locator [Stopped],
Path: C:\WINDOWS\System32\locator.exe
Service Name: Removable Storage [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Routing and Remote Access [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Secondary Logon [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Security Accounts Manager [Stopped],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Security Center [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Server [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Shell Hardware Detection [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Smart Card [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: SSDP Discovery Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Symantec AppCore Service [Running],
Path: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
Service Name: Symantec Core LC [Running],
Path: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
Service Name: Symantec Event Manager [Running],
Path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Service Name: Symantec IS Password Validation [Stopped],
Path: "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
Service Name: Symantec Lic NetConnect service [Running],
Path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Service Name: Symantec Settings Manager [Running],
Path: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Service Name: System Event Notification [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: System Restore Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Task Scheduler [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: TCP/IP NetBIOS Helper [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Telephony [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Terminal Services [Running],
Path: C:\WINDOWS\System32\svchost -k DComLaunch
Service Name: Themes [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Uninterruptible Power Supply [Stopped],
Path: C:\WINDOWS\System32\ups.exe
Service Name: Universal Plug and Play Device Host [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Volume Shadow Copy [Stopped],
Path: C:\WINDOWS\System32\vssvc.exe
Service Name: WAN Miniport (ATW) Service [Running],
Path: "C:\WINDOWS\wanmpsvc.exe"
Service Name: WebClient [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Windows Audio [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows Firewall/Internet Connection Sharing (ICS) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows Image Acquisition (WIA) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k imgsvc
Service Name: Windows Installer [Stopped],
Path: C:\WINDOWS\System32\msiexec.exe /V
Service Name: Windows Management Instrumentation [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows Service Pack Installer update service [Stopped],
Path: C:\WINDOWS\system32\spupdsvc.exe
Service Name: Windows Time [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Wireless Zero Configuration [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: WMI Performance Adapter [Stopped],
Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Service Name: Workstation [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Finished...
5  Windows XP Assistance / Security-Virus/Spyware / Re: friend's backdoor trojan on: March 02, 2007, 05:50:29 PM
The on-demand AV said I was clean, but I checked and still found the trojan on there.

RemoveIT Pro v4 - SE (Build date: 27.2.2007) full information log file.
Generated at: 3/2/2007 on 4:48:27 PM
Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Author: Damjan Irgolic
http://www.incodesolutions.com
support@incodesolutions.com


Running processes: (18)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe

Startup files:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Component Manager
["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update
["C:\Program Files\HP\HP Software Update\HPWuSchd.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Internet Explorer
[C:\WINDOWS\System32\iexplore.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\osCheck
["C:\Program Files\Norton AntiVirus\osCheck.exe"]

Detail report: (65)
Clsid C:\WINDOWS\system32\crypt32.dll[efc958396a7a7ef7e6d4a52b97512e18][597504]
Clsid C:\WINDOWS\system32\cryptnet.dll[cad4aa32e7eca00c23cc39c0eb833f9d][63488]
Clsid C:\WINDOWS\system32\cscdll.dll[587729679b4fe04ce06a5c61d6c56dcd][101888]
Clsid C:\WINDOWS\system32\sclgntfy.dll[d636fa41e50671160d838ea2dace3330][20992]
Clsid c:\windows\system32\stobject.dll[297101a925ecffdcdf7f6341ffbb6c1a][121856]
Clsid C:\WINDOWS\system32\wlnotify.dll[a599e5e366c1408e48aa5d37882d4e3e][92672]
Proc C:\Program Files\America Online 8.0\aoltray.exe[5c7a3ffd590793388856b5fafb77c9c4][36940]
Proc C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe[ce045b180d34404ff3017c18d308e9c1][46736]
Proc C:\Program Files\Common Files\Symantec Shared\ccApp.exe[25be770865658cb79100117112819a7c][115816]
Proc C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[6fda95007c483c378824f86fe351aa9c][1087680]
Proc C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[fe69c498b922ce835e2e2123fbd0a272][108648]
Proc C:\Program Files\HP\HP Software Update\HPWuSchd.exe[4fea5b94c6a96860620a62e4a19bd07d][49152]
Proc C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[b75b654ee1da99876461b24597ae3ff3][241664]
Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe[04e3b22bb2a6ef7cf114febd6789d39f][556544]
Proc C:\Program Files\Internet Explorer\iexplore.exe[e7484514c0464642be7b4dc2689354c8][93184]
Proc C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[0fcfbd0edaa188b3d652ddce6d16d866][198336]
Proc C:\WINDOWS\Explorer.EXE[a0732187050030ae399b241436565e64][1032192]
Proc C:\WINDOWS\system32\lsass.exe[84885f9b82f4d55c6146ebf6065d75d2][13312]
Proc C:\WINDOWS\system32\services.exe[c6ce6eec82f187615d1002bb3bb50ed4][108032]
Proc C:\WINDOWS\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
Proc C:\WINDOWS\system32\svchost.exe[8f078ae4ed187aaabc0a305146de6716][14336]
Proc C:\WINDOWS\wanmpsvc.exe[909f2dc0da7f57d229a05ee90647b2c3][65536]
RegRun c:\program files\common files\symantec shared\ccapp.exe[25be770865658cb79100117112819a7c][115816]
RegRun c:\program files\hp\hp software update\hpwuschd.exe[4fea5b94c6a96860620a62e4a19bd07d][49152]
RegRun c:\program files\hp\hpcoretech\hpcmpmgr.exe[b75b654ee1da99876461b24597ae3ff3][241664]
RegRun c:\program files\norton antivirus\oscheck.exe[3602c14e8b2bf31e7b4f14c162178945][26248]
Service c:\progra~1\symantec\liveup~1\lucoms~1.exe[fb3a35318ca7f6a10fa3c3826a69affe][2528960]
Service c:\program files\common files\symantec shared\appcore\appsvc32.exe[ce045b180d34404ff3017c18d308e9c1][46736]
Service c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe[6fda95007c483c378824f86fe351aa9c][1087680]
Service c:\program files\common files\symantec shared\ccsvchst.exe [fe69c498b922ce835e2e2123fbd0a272][108648]
Service c:\program files\norton antivirus\ispwdsvc.exe[b0c93b31a0234bebaf6e636c9ede8741][79496]
Service c:\program files\symantec\liveupdate\aluschedulersvc.exe[0fcfbd0edaa188b3d652ddce6d16d866][198336]
Service c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe[d33c507942299753868204cc7642fa27][29896]
Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[3c4d595e7f9b747325aef28b4adcaae5][66240]
Service c:\windows\system32\alg.exe[f1958fbf86d5c004cf19a5951a9514b7][44544]
Service c:\windows\system32\cisvc.exe[3192bd04d032a9c4a85a3278c268a13a][5632]
Service c:\windows\system32\clipsrv.exe[c8dec22c4137d7a90f8bdf41ca4b82ae][33280]
Service c:\windows\system32\dllhost.exe [dd87db7387b9eb441c5674888a0d840c][5120]
Service c:\windows\system32\dmadmin.exe [554c7cb178fe3bd12450b81ad63adbc3][224768]
Service c:\windows\system32\hpzipm12.exe[5c1cadd1cb67c0b9d8a84ec6e4d6b5cc][65795]
Service c:\windows\system32\imapi.exe[fa788520bcac0f5d9d5cde5615c0d931][150016]
Service c:\windows\system32\locator.exe[793f04a09b15e7c6c11dbdffaf06c0ab][75264]
Service c:\windows\system32\lsass.exe[84885f9b82f4d55c6146ebf6065d75d2][13312]
Service c:\windows\system32\mnmsrvc.exe[f6415361201915b9fe3896b0e4e724ff][32768]
Service c:\windows\system32\msdtc.exe[c7c3d89eb0a6f3dba622ea737fa335b1][6144]
Service c:\windows\system32\msiexec.exe [f5f0146580e7023adb963879840777f8][78848]
Service c:\windows\system32\netdde.exe[05afb5ad06462257bea7495283c86d50][111104]
Service c:\windows\system32\rsvp.exe[471b3f9741d762abe75e9deea4787e47][132608]
Service c:\windows\system32\scardsvr.exe[25d8de134df108e3dbc8d7d23b1aa58e][95744]
Service c:\windows\system32\services.exe[c6ce6eec82f187615d1002bb3bb50ed4][108032]
Service c:\windows\system32\sessmgr.exe[729798e0933076b8fcfcd9934698f164][140800]
Service c:\windows\system32\smlogsvc.exe[8b54aa346d1b1b113ffaa75501b8b1b2][89600]
Service c:\windows\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
Service c:\windows\system32\spupdsvc.exe[72eb21dc82132064065cffc1417ad9ff][22752]
Service c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]
Service c:\windows\system32\ups.exe[3f5df65b0758675f95a2d43918a740a3][18432]
Service c:\windows\system32\vssvc.exe[3ee00364ae0fd8d604f46cbaf512838a][289792]
Service c:\windows\system32\wbem\wmiapsrv.exe[ba8cecc3e813e1f7c441b20393d4f86c][126464]
Service c:\windows\wanmpsvc.exe[909f2dc0da7f57d229a05ee90647b2c3][65536]
Startup c:\documents and settings\all users\start menu\programs\startup\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\documents and settings\mel\start menu\programs\startup\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
Startup c:\program files\america online 8.0\aoltray.exe[5c7a3ffd590793388856b5fafb77c9c4][36940]
Startup c:\program files\common files\adobe\calibration\adobe gamma loader.exe[c2ff17734176cd15221c10044ef0ba1a][113664]
Startup c:\program files\microsoft office\office10\osa.exe[5bc65464354a9fd3beaa28e18839734a][83360]
System.ini c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]

Startup folder: (5)
Startup name: desktop.ini
Command: C:\Documents and Settings\mel\Start Menu\Programs\Startup\desktop.ini
Startup name: adobe gamma loader.lnk
Command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Startup name: america online 8.0 tray icon.lnk
Command: C:\Program Files\America Online 8.0\aoltray.exe
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Startup name: microsoft office.lnk
Command: C:\Program Files\Microsoft Office\Office10\OSA.EXE

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!
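Added example, not part of the poster's RemoveIT log, of RemoveIT itself, or of any reply in this thread: a Python script that reads the two sections of the log format shown above (the "Startup files" Run-key pairs and the "Detail report" lines of the form `Kind path[md5][size]`) and cross-checks them three ways: the same path reported with a different hash or size within one scan, the same executable name living in more than one directory, and an autostart target that has no hash record at all. The sample is built from lines copied from the log above; the rule that pulls the image path out of a Run command is a heuristic and an assumption of this example. As with any inventory check, a hit means "verify this file on disk", not "this is malware".

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the RemoveIT Pro log posted above
# (three "Startup files" pairs and nine "Detail report" hash lines).
SAMPLE_REPORT = r"""
Startup files:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Internet Explorer
[C:\WINDOWS\System32\iexplore.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\osCheck
["C:\Program Files\Norton AntiVirus\osCheck.exe"]

Detail report: (9)
Proc C:\Program Files\Common Files\Symantec Shared\ccApp.exe[25be770865658cb79100117112819a7c][115816]
Proc C:\Program Files\Internet Explorer\iexplore.exe[e7484514c0464642be7b4dc2689354c8][93184]
Proc C:\WINDOWS\system32\svchost.exe[8f078ae4ed187aaabc0a305146de6716][14336]
Proc C:\WINDOWS\wanmpsvc.exe[909f2dc0da7f57d229a05ee90647b2c3][65536]
RegRun c:\program files\common files\symantec shared\ccapp.exe[25be770865658cb79100117112819a7c][115816]
RegRun c:\program files\norton antivirus\oscheck.exe[3602c14e8b2bf31e7b4f14c162178945][26248]
Service c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]
Service c:\windows\wanmpsvc.exe[909f2dc0da7f57d229a05ee90647b2c3][65536]
System.ini c:\windows\system32\svchost.exe [8f078ae4ed187aaabc0a305146de6716][14336]
"""


@dataclass(frozen=True)
class Record:
    kind: str   # Proc, Service, RegRun, Startup, System.ini, ...
    path: str   # normalised: lower-case, backslash separators
    md5: str
    size: int


# "<Kind> <path>[<md5>][<size>]"; some lines carry a space before the first "[".
_HASHED = re.compile(r"^(?P<kind>\S+) (?P<path>.+?)\s*\[(?P<md5>[0-9a-f]{32})\]\[(?P<size>\d+)\]$")
_RUNKEY = re.compile(r"^HKEY_[A-Z_]+\\.*\\Run\\(?P<name>.+)$")


def norm(path: str) -> str:
    return str(PureWindowsPath(path.strip().strip('"'))).lower()


def _command_target(cmd: str) -> str:
    # Heuristic (assumption of this example): a quoted image path wins; otherwise
    # take everything up to and including the first ".exe", since unquoted Run
    # values with spaces in the path are common.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd


def parse(report: str) -> tuple[list[Record], dict[str, str]]:
    """Return the hashed records and {Run value name: normalised image path}."""
    records: list[Record] = []
    run_entries: dict[str, str] = {}
    lines = report.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        m = _HASHED.match(line)
        if m:
            records.append(Record(m["kind"], norm(m["path"]), m["md5"], int(m["size"])))
            continue
        m = _RUNKEY.match(line)
        if m and i + 1 < len(lines):
            cmd = lines[i + 1].strip()
            if cmd.startswith("[") and cmd.endswith("]"):
                run_entries[m["name"]] = norm(_command_target(cmd[1:-1]))
    return records, run_entries


def check(records: list[Record], run_entries: dict[str, str]) -> list[str]:
    findings: list[str] = []
    # 1. One path, more than one (md5, size) pair reported in the same scan.
    by_path: dict[str, set[tuple[str, int]]] = defaultdict(set)
    for r in records:
        by_path[r.path].add((r.md5, r.size))
    for path, seen in sorted(by_path.items()):
        if len(seen) > 1:
            findings.append(f"INCONSISTENT {path}: {len(seen)} different (md5,size) pairs in one scan")
    # 2. The same file name present in more than one directory (hashed files and Run targets).
    by_name: dict[str, set[str]] = defaultdict(set)
    for path in list(by_path) + list(run_entries.values()):
        p = PureWindowsPath(path)
        by_name[p.name].add(str(p.parent))
    for name, dirs in sorted(by_name.items()):
        if len(dirs) > 1:
            findings.append(f"NAME-COLLISION {name}: found under {sorted(dirs)}")
    # 3. An autostart target with no hash record: absent at scan time, or skipped.
    for value, path in sorted(run_entries.items()):
        if path not in by_path:
            findings.append(f"UNHASHED-AUTOSTART Run\\{value} -> {path}")
    return findings


if __name__ == "__main__":
    recs, runs = parse(SAMPLE_REPORT)
    for line in check(recs, runs):
        print(line)
```

The inventory `parse` builds is also the list a practitioner would submit to a hash lookup service; the three checks run before that step and need no network. The name-collision rule is the one that pays off on the sample: the Run value named "Microsoft Internet Explorer" points at an `iexplore.exe` under System32 while the running copy is under Program Files, and that System32 path has no hash line, so it surfaces under both rules two and three.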
6  Windows XP Assistance / Security-Virus/Spyware / Re: friend's backdoor trojan on: March 01, 2007, 09:23:01 PM
-- Files created between 2007-02-01 and 2007-03-01 ------------------------------

2007-03-01 13:55:26         0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-03-01 13:31:56         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-01 13:31:26         0 d-------- C:\Program Files\SUPERAntiSpyware<SUPERA~1>
2007-03-01 13:31:26         0 d-------- C:\Documents and Settings\mel\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>
2007-03-01 08:28:38         0 d-------- C:\WINDOWS\pss
2007-02-28 18:36:21         0 d-------- C:\Documents and Settings\mel\Application Data\Symantec
2007-02-28 14:16:17         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-23 19:26:31     10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-02-18 20:26:12         0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-02-18 20:25:44         0 d-------- C:\2957082352c5ebed7493<295708~1>
2007-02-17 21:15:37         0 d--h----- C:\WINDOWS\PIF
2007-02-17 20:36:40         0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-02-17 20:34:57     48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-17 20:34:57    115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-17 20:33:52         0 d-------- C:\Program Files\Symantec
2007-02-17 20:33:49         0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-02-17 12:28:50    262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-02-17 08:19:09         0 d-------- C:\Documents and Settings\mel\Application Data\U3
2007-02-16 21:20:08         0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-16 18:02:17         0 d-------- C:\WINDOWS\Prefetch
2007-02-16 17:25:44      9216 -----n--- C:\WINDOWS\system32\proxycfg.exe
2007-02-16 17:25:44     59392 -----n--- C:\WINDOWS\system32\logman.exe
2007-02-16 17:25:18      3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-16 17:25:18      3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-16 17:25:18      4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-16 17:25:17     43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-16 17:25:17     42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-16 17:25:17     44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-16 17:25:17     42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-16 17:25:17      3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-16 17:25:17      3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-16 17:25:17      3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-16 17:25:17      3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-16 17:25:16     26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-16 17:25:16     63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-16 17:25:16     30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-16 17:25:16     12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-16 17:25:16     11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-16 17:25:16     56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-16 17:25:15    327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-16 17:25:15     34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-16 17:25:15     29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-16 17:25:15     36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-16 17:25:15     21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-16 17:25:14     28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-16 17:25:14    104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-16 17:25:14     52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-16 17:25:14     14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-16 17:25:14     13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-16 17:25:14     57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-16 17:25:14    701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-16 17:25:13     25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-16 17:25:13     11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-16 17:25:13     21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-16 17:25:13     63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-16 17:25:13     31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-16 17:25:13     73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-16 17:25:13     13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-16 17:25:12     18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-16 17:25:12     35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-16 17:25:12    274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-16 17:25:12    100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-16 17:25:12     38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-16 17:25:12     17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-16 17:25:12     17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-16 17:25:12     14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-16 17:25:11     15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-16 17:25:11     25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-16 17:25:11     46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-16 17:25:11    128896 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-16 17:25:11     15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-16 17:25:10   1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-16 17:25:10    685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-16 17:25:10    220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-16 17:25:09    126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-16 17:25:09     15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-16 17:25:09     11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-16 17:25:09     29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-16 17:25:09     36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-16 17:25:09    262784 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-16 17:25:08     12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-16 17:25:08    452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-16 17:25:08   1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-16 17:25:07     59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-16 17:25:07     13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-16 17:25:07   1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-16 17:25:07    180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-16 17:25:06     41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-16 17:25:06      3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-16 17:25:06     10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-16 17:25:06     11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-16 17:25:06     67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-16 17:25:06    166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-16 17:25:06     30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-16 17:25:05     44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-16 17:25:05      6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-16 17:25:05     13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-16 17:25:05     95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-16 17:25:05    404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-16 17:25:05    129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-16 17:25:04     11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-16 17:25:04     11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-16 17:25:04     13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-16 17:25:04     42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-16 17:25:04     11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-16 17:25:04     78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-16 17:25:04     26624 -----n--- C:\WINDOWS\system32\drivers\usbehci.sys
2007-02-16 17:25:04     12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-16 17:25:03     25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-16 17:25:03     22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-16 17:25:03     11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-16 17:25:03     11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-16 17:25:03    377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-16 17:25:03    229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-16 17:25:02   1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-02-16 17:25:02    870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-16 17:25:02    201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-02-16 17:25:01     32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-16 17:25:00     20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-16 17:25:00     71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-16 17:25:00     14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-16 17:25:00    516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-02-16 17:24:59     13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-16 17:24:59     50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-16 17:24:59     30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-16 17:24:56     32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-16 17:24:56      7168 -----n--- C:\WINDOWS\system32\hccoin.dll
2007-02-16 17:24:56     60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-16 17:24:56    193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-16 17:24:56     23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-16 17:24:56     16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-16 17:24:55     81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-16 17:24:55     24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-16 17:24:52      6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-16 17:24:52      7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-16 17:24:51      7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-16 17:24:51      7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-16 17:24:51      7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-16 17:24:51      6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-16 17:24:51      6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-16 17:24:51      5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-16 17:24:51      6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-16 17:24:51      6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-16 17:24:50     86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll
2007-02-16 17:24:50      7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-16 17:24:48    118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-16 17:24:46   1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-16 17:24:45     86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-16 17:24:45    116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-16 17:24:45   4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-16 17:24:44     49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-16 17:24:44     48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-16 17:24:44    526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-16 17:24:44     88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-16 17:24:44    312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-16 17:24:43    397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-16 17:24:42     73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-16 17:24:42     29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-16 17:24:41      8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-16 17:24:41     73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-16 17:24:41     32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-16 17:24:41    188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-16 17:24:41    286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-16 17:24:40     15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-16 17:24:40     44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-16 17:24:40     75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-16 17:24:38     17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-16 17:24:31    108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-16 17:24:31     81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-16 17:24:31     13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-16 17:24:30     50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-16 17:24:30    129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-16 17:24:29     32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-16 17:24:21         0 d-------- C:\WINDOWS\peernet
2007-02-16 17:24:17         0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-02-16 17:16:52         0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-02-16 16:55:32         0 d-------- C:\WINDOWS\EHome
2007-02-16 16:08:30     12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-02-16 16:08:05      9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-02-13 12:08:22         0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-13 12:08:20     22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-13 12:08:18         0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-13 12:06:12         0 d-------- C:\WINDOWS\system32\bits
2007-02-13 12:00:24    438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-02-13 12:00:24     18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-13 12:00:24      7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-02-13 12:00:24      8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-02-13 12:00:23    351232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-02-13 11:37:18     18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-02-13 11:37:18     41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-13 11:37:16    127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-13 11:37:16    194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-13 11:37:14    172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-13 11:37:10    465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-13 11:35:21         0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-02-13 11:06:35         0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-28 10:18:14         0 d-------- C:\Program Files\Mozilla Thunderbird<MOZILL~1>
2007-02-17 12:48:33         0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-16 19:47:18         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-16 17:24:21         0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-16 17:15:53         0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-13 11:00:08         0 d-------- C:\Program Files\Intuit
2007-01-30 15:10:21         0 d-------- C:\Program Files\ItsDeductible2006<ITSDED~3>
2007-01-30 15:02:17         0 d-------- C:\Program Files\TurboTax
2007-01-30 14:56:27         0 d-------- C:\Documents and Settings\mel\Application Data\InstallShield<INSTAL~1>
2007-01-29 03:58:06     60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-12 17:12:09         0 d---s---- C:\Documents and Settings\mel\Application Data\Microsoft<MICROS~1>
2006-12-19 16:52:18    134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 13:16:47    333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 17:02:24   2174976 --a------ C:\WINDOWS\system32\wmvcore.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"Microsoft Internet Explorer"="C:\\WINDOWS\\System32\\iexplore.exe"
"F-Secure Manager"="\"C:\\Program Files\\PC Protection Plus\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\PC Protection Plus\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\PC Protection Plus\\FSGUI\\FSSW.EXE\" /reboot"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
   

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0
HTTPFilter   REG_MULTI_SZ      HTTPFilter\0\0
DcomLaunch   REG_MULTI_SZ      DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-03-01 at 21:06:47 -------------------------


My buddy has two AVs because he had F-Secure but it let three trojans get on it, so he bought Norton and it took two of them off but not the third.
7  Windows XP Assistance / Security-Virus/Spyware / Re: friend's backdoor trojan on: March 01, 2007, 09:21:21 PM
ComboScan v20070226.18 run by mel on 2007-03-01 at 20:59:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as mel.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:02:05 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsrw.exe
C:\Program Files\PC Protection Plus\FSPC\fspc.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\PC Protection Plus\Common\FSM32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\mel\Desktop\comboscan.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\DOCUME~1\mel\Desktop\HIJACK~1\mel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Protection Plus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: adobe gamma loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: america online 8.0 tray icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: microsoft office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Protection Plus.lnk = C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\PC Protection Plus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42D683F6-9C1B-11D7-A860-005056C00001} (.print Client ICA Webinstall.) - http://www.entsystems.com/TPClientInstall/english/TPICAenN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171384475716
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Protection Plus (BackWeb Plug-in - 6731405) - WideOpenWest - C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - C:\WINDOWS\system32\drivers\ac97intc.sys
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2R F-Secure Filter (F-Secure File System Filter) - C:\Program Files\PC Protection Plus\Anti-Virus\win2k\FSfilter.sys
2R F-Secure Gatekeeper - C:\Program Files\PC Protection Plus\Anti-Virus\win2k\fsgk.sys
2R F-Secure Recognizer (F-Secure File System Recognizer) - C:\Program Files\PC Protection Plus\Anti-Virus\win2k\FSrec.sys
0R FSFW (F-Secure Firewall Driver) - C:\WINDOWS\system32\drivers\fsdfw.sys
3S HCF_MSFT - C:\WINDOWS\system32\drivers\HCF_MSFT.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R i81x - C:\WINDOWS\system32\drivers\i81xnt5.sys
3S iAimFP0 - C:\WINDOWS\system32\drivers\wadv01nt.sys
3S iAimFP1 - C:\WINDOWS\system32\drivers\wadv02nt.sys
3S iAimFP2 - C:\WINDOWS\system32\drivers\wadv05nt.sys
3S iAimFP3 - C:\WINDOWS\system32\drivers\wsiintxx.sys
3S iAimFP4 - C:\WINDOWS\system32\drivers\wvchntxx.sys
3S iAimFP5 - C:\WINDOWS\system32\drivers\wadv07nt.sys
3S iAimFP6 - C:\WINDOWS\system32\drivers\wadv08nt.sys
3S iAimFP7 - C:\WINDOWS\system32\drivers\wadv09nt.sys
3S iAimTV0 - C:\WINDOWS\system32\drivers\watv01nt.sys
3S iAimTV1 - C:\WINDOWS\system32\drivers\watv02nt.sys
3S iAimTV2 - C:\WINDOWS\system32\DRIVERS\wATV03nt.sys (not found)
3S iAimTV3 - C:\WINDOWS\system32\drivers\watv04nt.sys
3S iAimTV4 - C:\WINDOWS\system32\drivers\wch7xxnt.sys
3S iAimTV5 - C:\WINDOWS\system32\drivers\watv10nt.sys
3S iAimTV6 - C:\WINDOWS\system32\drivers\watv06nt.sys
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070227.080\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070227.080\NAVEX15.SYS
1R P3 (Intel PentiumIII Processor Driver) - C:\WINDOWS\system32\drivers\p3.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\rtl8139.sys
3R SMC1211 (SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver) - C:\WINDOWS\system32\drivers\SMC1211.sys
3S SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20070221.002\SymIDSCo.sys
0R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
3R Winachcf - C:\WINDOWS\system32\drivers\winachcf.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R BackWeb Plug-in - 6731405 (PC Protection Plus) - C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R F-Secure Gatekeeper Handler Starter (FSGKHS) - "C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe"
2R FSBWSYS - "C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe"
3R FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe"
3R fshttps (F-Secure HTTP Server) - "C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe"
2R FSMA (F-Secure Management Agent) - "C:\Program Files\PC Protection Plus\Common\FSMA32.EXE"
3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton AntiVirus\isPwdSvc.exe"
3R LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2S spupdsvc (Windows Service Pack Installer update service) - C:\WINDOWS\system32\spupdsvc.exe
3S Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
2R WANMiniportService (WAN Miniport (ATW) Service) - "C:\WINDOWS\wanmpsvc.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-03-01 19:04:47       544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job<SCHEDU~1.JOB>
2007-02-24 08:28:33       526 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - mel.job<NORTON~1.JOB>
8  Windows XP Assistance / Security-Virus/Spyware / Re: friend's backdoor trojan on: March 01, 2007, 09:20:20 PM
ComboScan v20070226.18 run by mel on 2007-03-01 at 20:59:45
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 510.3 MiB / 209.73 MiB
Pagefile Memory (total/avail): 1246.59 MiB / 931.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 13.98 GiB total, 7.47 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton AntiVirus v2007 (Symantec Corporation)
FW: PC Protection Plus 6.15 v6.15 (F-Secure Corporation)
AV: Norton AntiVirus v2007 (Symantec Corporation)
AV: PC Protection Plus 6.15 v6.15 (F-Secure Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mel\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CUNNINGHAM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mel
LOGONSERVER=\\CUNNINGHAM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mel\LOCALS~1\Temp
TMP=C:\DOCUME~1\mel\LOCALS~1\Temp
USERDOMAIN=CUNNINGHAM
USERNAME=mel
USERPROFILE=C:\Documents and Settings\mel
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

mel (admin)


-- Add/Remove Programs ----------------------------------------------------------

 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Help"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
 --> "C:\Program Files\PC Protection Plus\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20020929.1) --> C:\WINDOWS\AolCInUn.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
HijackThis 1.99.1 --> C:\Documents and Settings\mel\Desktop\hijackthis\HijackThis.exe /uninstall
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
Learning QuickBooks 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B50E58B-2C48-464C-9DB9-726C650CEAE4}\Setup.exe" -l0x9
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Thunderbird (1.5.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.9 (en-US)"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
PC Magazine StartupCop Pro --> "C:\Program Files\PC Magazine Utilities\StartupCop Pro\unins000.exe"
PC Protection Plus --> C:\PROGRA~1\PCPROT~1\Common\fsbwih.exe /uninstall
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TurboTax Deluxe 2003 --> C:\Program Files\TurboTax\Deluxe 2003\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2003\Uninstall.log" -NoGui
TurboTax Deluxe 2004 --> C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9  -eliminate


-- End of ComboScan: finished at 2007-03-01 at 21:06:47 -------------------------

9  Windows XP Assistance / Security-Virus/Spyware / friend's backdoor trojan on: March 01, 2007, 05:50:44 PM
I'm trying to help my buddy with some trojan he has, but that SUPERAntiSpyware stuff didn't work. Here is his HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\PC Protection Plus\Common\FSM32.EXE
C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
C:\Program Files\PC Protection Plus\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fssm32.exe
C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
C:\Program Files\PC Protection Plus\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\PC Protection Plus\Common\FCH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsqh.exe
C:\Program Files\PC Protection Plus\Common\FAMEH32.EXE
C:\Program Files\PC Protection Plus\Anti-Virus\fsrw.exe
C:\Program Files\PC Protection Plus\FSPC\fspc.exe
C:\Program Files\PC Protection Plus\Anti-Virus\fsav32.exe
C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
C:\PROGRA~1\PCPROT~1\ANTI-S~1\fsaw.exe
C:\Program Files\PC Protection Plus\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\mel\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\PC Protection Plus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\PC Protection Plus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\PC Protection Plus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: adobe gamma loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: america online 8.0 tray icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: microsoft office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Protection Plus.lnk = C:\Program Files\PC Protection Plus\backweb\6731405\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\PC Protection Plus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Protection Plus\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Protection Plus\Anti-Spyware\ieshield.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42D683F6-9C1B-11D7-A860-005056C00001} (.print Client ICA Webinstall.) - http://www.entsystems.com/TPClientInstall/english/TPICAenN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171384475716
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Protection Plus (BackWeb Plug-in - 6731405) - WideOpenWest - C:\PROGRA~1\PCPROT~1\backweb\6731405\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\PC Protection Plus\backweb\6731405\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\PC Protection Plus\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\PC Protection Plus\Common\FSMA32.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
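The log above is the kind a helper reads by hand: the O4 autorun named "Microsoft Internet Explorer" points at C:\WINDOWS\System32\iexplore.exe (the genuine browser binary lives under C:\Program Files\Internet Explorer, as the later log on this page shows), the F2 Shell= value is empty, the O10 line reports a broken Winsock LSP chain, and several entries end in "(no file)" or "(file missing)". The script below is an added example, not code from the post or from HijackThis, that automates that first pass. It parses HijackThis 1.99.1 entry lines and flags those four patterns. The sample log, the EXPECTED_PATHS table (a deliberately short list of canonical binary locations) and the severity labels are all constructed for the example; the sample lines mirror the entry types in the posted log rather than copying it.

```python
"""Triage a HijackThis 1.99.1 log: parse each R/F/O entry and flag the
patterns a malware-removal helper checks first.

Added example for the forum thread above; not HijackThis's own code.
SAMPLE_LOG is constructed for the example and mirrors entry types seen in
the posted log (empty F2 Shell=, an O4 autorun pointing at
System32\\iexplore.exe, an O10 LSP entry, '(no file)' / '(file missing)').
"""
import re
from dataclasses import dataclass

# Canonical Windows XP locations of binaries that malware likes to impersonate
# by name. Assumption for this example: the table is intentionally short.
EXPECTED_PATHS = {
    "iexplore.exe": r"c:\program files\internet explorer\iexplore.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
    "userinit.exe": r"c:\windows\system32\userinit.exe",
}

ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.*)$")
# O4 body looks like:  HKLM\..\Run: [Name] "C:\path\prog.exe" args
O4_TARGET_RE = re.compile(r'\]\s+"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)
F2_SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$")

# Constructed sample log (not the poster's log; same entry types).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""


@dataclass
class Finding:
    code: str       # HijackThis entry type, e.g. "O4"
    severity: str   # "high": investigate first; "low": cleanup / verify
    reason: str
    line: str


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one log line (empty list if nothing to flag)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []                       # process list, headers, blank lines
    code, body = m.group("code"), m.group("body")
    findings: list[Finding] = []

    if code == "O4":                    # autorun: well-known name, wrong path?
        t = O4_TARGET_RE.search(body)
        if t:
            path = t.group("path").strip().lower()
            name = path.rsplit("\\", 1)[-1]
            expected = EXPECTED_PATHS.get(name)
            if expected and path != expected:
                findings.append(Finding(code, "high",
                    f"{name} autostarts from {path}, not {expected}", line))

    if code == "F2":                    # Winlogon Shell should be Explorer.exe
        s = F2_SHELL_RE.match(body)
        if s and not s.group("value").strip():
            findings.append(Finding(code, "high",
                "Winlogon Shell value is empty; default is Explorer.exe", line))

    if code == "O10":                   # LSP chain: never 'fix' with HijackThis
        findings.append(Finding(code, "high",
            "Winsock LSP chain broken; repair with 'netsh winsock reset' "
            "(XP SP2) or LSPFix instead of deleting the entry", line))

    if "(no file)" in body or "(file missing)" in body:
        findings.append(Finding(code, "low",
            "entry points at a file not found on disk: orphaned registry "
            "reference, or a quoting artifact in the service ImagePath", line))

    return findings


def triage_log(text: str) -> list[Finding]:
    """Triage every line of a HijackThis log, preserving log order."""
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.code}: {f.reason}")
```

On the sample the script reports three high findings (the empty Shell value, the iexplore.exe autorun in System32, the O10 LSP entry) and two low ones (the "(no file)" BHO and the "(file missing)" service). The high/low split only orders the manual work: a flagged path still has to be checked on the machine, and the O10 entry in particular should be repaired with the Winsock tools rather than removed from the registry.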

10  Windows XP Assistance / Security-Virus/Spyware / Re: trojan.durvil removal? on: February 21, 2007, 08:28:45 AM
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1129172912\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\BigFix\BigFix.exe
c:\program files\common files\aol\1129172912\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1129172912\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129172912\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



SUPERAntiSpyware Scan Log
Generated 02/21/2007 at 08:19 AM

Application Version : 3.5.1016

Core Rules Database Version : 3186
Trace Rules Database Version: 1196

Scan type       : Complete Scan
Total Scan Time : 00:18:23

Memory items scanned      : 444
Memory threats detected   : 0
Registry items scanned    : 4097
Registry threats detected : 12
File items scanned        : 27228
File threats detected     : 25

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
   HKU\S-1-5-21-531480544-1978598407-787478614-1003\Software\WinAntiVirus Pro 2007
   C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
   C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe
   C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll
   C:\Program Files\Common Files\WinAntiVirus Pro 2007
   C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\update.log
   C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\wa6Support.log
   C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
   C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\Logs
   C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007\PGE.dat
   C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2007
   \WA7P

Adware.HotBar (Low Risk)
   C:\WINDOWS\Downloaded Program Files\HbInstIE.dll

Adware.HotBar/SpamBlockerUtility (Low Risk)
   HKLM\Software\Spam Blocker
   HKLM\Software\Spam Blocker#BuyNow
   HKLM\Software\Spam Blocker#State
   HKLM\Software\Spam Blocker#First start
   HKLM\Software\Spam Blocker\ASAP
   HKLM\Software\Spam Blocker\ASAP#ServerAddress
   HKLM\Software\Spam Blocker\ASAP#Hash
   HKLM\Software\Spam Blocker\ASAP#URI

Adware.Toolbar888
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#DisplayName
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#UninstallString

Adware.ClickSpring/Outer Info Network
   C:\Program Files\Outerinfo\OiUninstaller.exe
   C:\Program Files\Outerinfo\outerinfo.ico
   C:\Program Files\Outerinfo\Terms.rtf
   C:\Program Files\Outerinfo
   C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk
   C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk
   C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo

Trojan.Druidy/Gen
   C:\WINDOWS\SYSTEM32\DRUIDY_A4M.EXE
   C:\WINDOWS\SYSTEM32\DURVILY.EXE
   C:\WINDOWS\SYSTEM32\DURVILZ.EXE

Trojan.Downloader-Gen/Win
   C:\WINDOWS\SYSTEM32\DRUIDY_REDUX.EXE
   C:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA

Trojan.Unknown Origin
   C:\WINDOWS\SYSTEM32\WTSSVSU.EXE

I appreciate the help, fellas.
11  Windows XP Assistance / Security-Virus/Spyware / trojan.durvil removal? on: February 20, 2007, 05:11:24 PM
I've got a trojan.durvil. Does anybody know how to remove this?

Here is my HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1129172912\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\common files\aol\1129172912\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1129172912\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\i