Wallpaper Changed to Blue - Possibly Malware?

Discussion in 'Windows - Virus and spyware problems' started by ImmortalB, Jul 26, 2008.

  1. ImmortalB

    ImmortalB Member

    Hey, y'all.

    Earlier today, I received a pop-up on my Desktop that read 'Can not find script file "C:\Documents and Settings\Owner\Local Settings\Temp\.tt1.tmp.vbs".' Along with this pop-up, my wallpaper went to an all-blue screen with a box of text in the middle that read as follows:

    "Warning! Spyware has been detected on your computer."

    Also, when my screen saver kicked in, I got something similar to the blue screen of death. So, in an attempt to nip this spyware in the bud, I ran a simple Ad-Aware scan, which was to no avail. The bright blue wallpaper still stood in defiance over me.

    After a Spybot Search & Destroy, I yet again had no luck in defeating this nasty little bug.

    I then resorted to the good ol' trusty generic cleanup combo of ATF-Cleaner, SUPERAntiSpyware Full System Scan, and a HijackThis scan.

    After the completion of my generic cleanup, the box of text on the blue wallpaper went away. However, my wallpaper is still nothing but a bright blue hue, and it is still unchangeable.

    Perhaps my computer caught that nasty Malware that's been floating around? Any help on this matter would be greatly appreciated.

    Here are the log files of the SUPERAntiSpyware scan and the HJT scan (in respective order):
    ------------------------------------
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/26/2008 at 04:13 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3517
    Trace Rules Database Version: 1507

    Scan type : Complete Scan
    Total Scan Time : 02:35:11

    Memory items scanned : 175
    Memory threats detected : 0
    Registry items scanned : 5827
    Registry threats detected : 34
    File items scanned : 83508
    File threats detected : 177

    Rogue.Dropper/Gen
    [lphcjmsj0egdp] C:\WINDOWS\SYSTEM32\LPHCJMSJ0EGDP.EXE
    C:\WINDOWS\SYSTEM32\LPHCJMSJ0EGDP.EXE

    Adware.Tracking Cookie

    Adware.180solutions/Search Assistant
    HKCR\MediaGateway.Installer
    HKCR\MediaGateway.Installer\CLSID
    HKCR\MediaGateway.Installer\CurVer
    HKCR\MediaGatewayX.Installer
    HKCR\MediaGatewayX.Installer\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}

    Adware.Avenue Media/Internet Optimizer
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt
    HKU\S-1-5-21-1060284298-484763869-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    Rogue.AntiSpywareExpert
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Type
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Start
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#ObjectName
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc#Opt
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\security
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\CbEvtSvc\Enum#NextInstance

    Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\AQ5P2SGB\INSTALL[1].EXE
    C:\WINDOWS\SYSTEM32\PHCJMSJ0EGDP.BMP
    C:\WINDOWS\U1O5M8EN.EXE

    Adware.Media Gateway
    C:\PROGRAM FILES\MEDIA GATEWAY\MEDIAGATEWAY.EXE

    Adware.ClearSearch
    C:\PROGRAM FILES\PROSITEFINDER\FT9WRR63.DLL
    C:\PROGRAM FILES\PROSITEFINDER\FWX3ZJKJ.DLL
    C:\PROGRAM FILES\PROSITEFINDER\K0XSR8RS.DLL
    C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER1\PROSITEFINDER1.DLL
    C:\PROGRAM FILES\PROSITEFINDER\PROSITEFINDER1\PROSITEFINDER1.EXE
    C:\PROGRAM FILES\PROSITEFINDER\UNINSTALL.EXE
    C:\PROGRAM FILES\PROSITEFINDER\XBVI6XRV.DLL

    Trojan.NewDotNet-Installer
    C:\PROGRAM FILES\THEMEXP\NNWDAB638.EXE

    Trojan.NewDotNet
    C:\WINDOWS\NDNUNINSTALL6_38.EXE
    C:\WINDOWS\NDNUNINSTALL7_48.EXE

    NotHarmful.Sysinternals Bluescreen Screen Saver
    C:\WINDOWS\SYSTEM32\BLPHCJMSJ0EGDP.SCR

    Trojan.Unclassified/CBEvtSvc
    C:\WINDOWS\SYSTEM32\CBEVTSVC.EXE
    C:\WINDOWS\Prefetch\CBEVTSVC.EXE-2F4C36CD.pf

    Rootkit.DF_KMD
    C:\WINDOWS\SYSTEM32\DRIVERS\DF_KMD.SYS

    ------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:54:16 PM, on 7/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\n7vcocia.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\DynDNS Updater\DynUpPs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\WINDOWS\system32\dns\bin\named.exe
    C:\Program Files\DynDNS Updater\DynTray.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myembarq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;*.local
    R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Embarq TotalAccess\Toolbar\EScamBlk.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\Embarq TotalAccess\Toolbar\EScamBlk.dll
    O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\Embarq TotalAccess\Toolbar\ElnkPuB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Embarq TotalAccess\Accelerator\prpl_IePopupBlocker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\Embarq TotalAccess\Toolbar\ProtctIE.dll
    O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\Embarq TotalAccess\Toolbar\uninsttb.dll
    O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\Embarq TotalAccess\Toolbar\Toolbar.dll
    O4 - HKLM\..\Run: [n7vcocia] C:\WINDOWS\system32\n7vcocia.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe
    O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c11.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115583480609
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

    --
    End of file - 9864 bytes
     