Weird Winlogon.exe troubles
O.K. A couple of weeks ago, I successfully battled the surf sidekick pro 3 spyware/virus. Now, I have come across a new virus. I believe that it edited my winlogon.exe file (which I'm starting to find out is quite common). Anyways, here are the problems this one has given me. The first thing which I noticed is that the IE content advisor password was changed and that the IECA was popping up for EVERY page. This was a quick enough fix, if only it was the only thing. It installed a couple of spyware programs like spywarequake and something else (also quick fixes). However, every time I start up zonealarm now, explorer and Winlogon attempt to access the internet. They do so on these IPs/ports:
192.168.1.1:1900 (My network gateway) (this was winlogon.exe)
66.170.32.11:DNS (My ISP) (winlogon)
127.0.0.1:1397 (my computer) (winlogon)
127.0.0.1:1397 (my computer) (explorer.exe)
0.0.0.0:135 (None) (winlogon)
127.0.0.1:18350 (local again) (explorer)
0.0.0.0:18350 (winlogon)
If I deny them access, then I lose access to the internet completely!

WTF? I've tried vundo destroyer, look2me destroyer, and smitfraudfix (this actually came up with infected files; see below). I ran hijack this several times and deleted some "020 - winlogon" or "020 - win notify". I've run ewido, my disabled norton (not sure how that happened), adaware se, and antivir (ALL in safe mode). I REALLY need a response soon as my parents are planning on breaking down and paying the computer store for help. I obviously can't just delete the files (even if I wanted to). Here are the logs of the ones that came up with items:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:35:09 PM 7/13/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B6E649FA-5461-40d7-AB4D-54FC3C8DB767}\\BandCLSID -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{736b5468-bdad-41be-92d0-22ae2ddf7bcb} -> Adware.Generic : Cleaned.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned.
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned.
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned.
C:\WINDOWS\wh.exe/whAgent.exe -> Adware.WebHancer : Cleaned.
C:\Documents and Settings\Carlisle Roose.MICHAEL\Desktop\Peepster\Dark Ops\Internet Crap\Nirsoft\pspv.zip/pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned.
C:\Documents and Settings\Carlisle Roose.MICHAEL\Desktop\Peepster\Dark Ops\Internet Crap\Nirsoft\pspv\pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.13:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.15:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.11:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.12:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.26:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.27:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.28:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.29:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.30:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc4\WINDOWS\Cookies\jon roose@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Carlisle Roose.MICHAEL\Local Settings\Temp\Cookies\carlisle roose@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.16:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.17:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.18:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.12:C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc4\WINDOWS\Application Data\Mozilla\Firefox\Profiles\if8y14yy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.12:C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Application Data\Mozilla\Firefox\Profiles\if8y14yy.default\cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning.
:mozilla.13:C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc4\WINDOWS\Application Data\Mozilla\Firefox\Profiles\if8y14yy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.13:C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Application Data\Mozilla\Firefox\Profiles\if8y14yy.default\cookies.txt -> TrackingCookie.Sexcounter : Error during cleaning.
C:\Documents and Settings\Carlisle Roose.MICHAEL\Local Settings\Temp\Cookies\carlisle roose@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.31:C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Mozilla\Firefox\Profiles\v4jleiim.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Carlisle Roose.MICHAEL\Local Settings\Temp\Cookies\carlisle roose@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Carlisle Roose.MICHAEL\Local Settings\Temp\Cookies\carlisle roose@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2025429265-2111687655-725345543-500\Dc5.rar/Seagate\WINDOWS\Cookies\jon roose@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\invupdate.exe -> Trojan.Imiserv.c : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld171C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1B9A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3225.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4003.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld49C9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5156.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld59CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld70C2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7EC0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld8F8D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld919A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld96B3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldA190.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldB69.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldBEE5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldCB45.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldD1CE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ldF210.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\atmclk.exe -> Trojan.Small : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned.
::Report end
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
SmitFraudFix v2.70
Scan done at 23:01:49.53, Thu 07/13/2006
Run from C:\Documents and Settings\Carlisle Roose.MICHAEL\Desktop\SmitfraudFix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\ld???.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\Documents and Settings\Carlisle Roose.MICHAEL\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyQuake2.com 2.3.lnk Deleted
C:\DOCUME~1\CARLIS~1.MIC\MYDOCU~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\CARLIS~1.MIC\STARTM~1\SpyQuake2.com 2.3.lnk Deleted
C:\DOCUME~1\CARLIS~1.MIC\STARTM~1\Programs\SpyQuake2.com Deleted
C:\Program Files\Security Toolbar\ Deleted
C:\Program Files\SpyQuake2.com\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Logfile of HijackThis v1.99.1
Scan saved at 11:41:25 PM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\Carlisle Roose.MICHAEL\Desktop\Peepster\hijackthis\hijackthis\HijackThis.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.mindleaders.com/dpec/...bs/awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - https://iuware-web001.uits.indiana.e...t/iftwclix.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/11a5e73681071d3...zip/RdxIE2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://iuware-web001.uits.indiana.ed...ware/setup.exe
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
PLEASE HELP ME!!!!!!