OK Sam, I've got some logs for you.
Here is the VundoFix log.
VundoFix V6.3.20
Checking Java version...
Scan started at 7:03:56 PM 4/28/2007
Listing files found while scanning....
C:\Windows\system32\cctgiovy.dll
C:\Windows\system32\ddccyxv.dll
C:\Windows\System32\iifcdca.dll
Beginning removal...
VundoFix V6.3.20
Checking Java version...
Scan started at 12:07:00 PM 4/29/2007
Listing files found while scanning....
C:\Windows\system32\cctgiovy.dll
C:\Windows\system32\ddccyxv.dll
C:\Windows\System32\iifcdca.dll
Beginning removal...
VundoFix V6.3.20
Checking Java version...
Scan started at 3:48:30 PM 4/29/2007
Listing files found while scanning....
No infected files were found.
VundoFix V6.3.20
Checking Java version...
Scan started at 4:07:26 PM 4/29/2007
Listing files found while scanning....
VundoFix V6.3.21
Checking Java version...
Scan started at 9:49:49 AM 5/1/2007
Listing files found while scanning....
C:\Windows\system32\ddccyxv.dll
Beginning removal...
Now the OTMoveit....
File/Folder C:\Windows\system32\vyadd.bak1 not found.
C:\Windows\system32\kjsdhdtj.dll unregistered successfully.
File move failed. C:\Windows\system32\kjsdhdtj.dll scheduled to be moved on reboot.
File/Folder C:\Windows\system32\stvwa.bak1 not found.
Created on 05/01/2007 09:31:25
And last the HijackThis Log.
Deckard's System Scanner v20070426.43
Run by Joe on 2007-05-01 at 10:23:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Joe.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:23:23 AM, on 5/1/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareDetector\SDSystemTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
D:\Users\Joe\Desktop\dss.exe
D:\Users\Joe\Desktop\HIJACK~1\Joe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36E77F70-0C24-4156-9E0C-356577F51A31} - C:\Windows\system32\kjsdhdtj.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6C622D52-0612-414B-A063-105A614D396F} - C:\Windows\system32\ddccyxv.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SD_Tips] iexplore http://www.spywarede.../tips_vista.htm
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: SDNotify - C:\Program Files\SpywareDetector\SDNotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
-- Files created between 2007-04-01 and 2007-05-01 -----------------------------
2007-04-29 22:52:54 0 d-------- C:\Program Files\ieSpell
2007-04-29 02:28:01 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-04-28 19:03:56 0 d-------- C:\VundoFix Backups
2007-04-28 17:05:44 0 d-------- C:\Program Files\Microsoft Works
2007-04-28 17:00:00 0 d-------- C:\Program Files\Microsoft.NET
2007-04-28 16:41:50 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-04-28 16:39:36 0 d-------- C:\Users\All Users\Microsoft Help
2007-04-28 16:36:14 0 dr-h----- C:\MSOCache
2007-04-28 16:30:07 0 d-------- C:\Users\All Users\Office Genuine Advantage
2007-04-17 23:46:43 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-04-17 23:46:37 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-04-17 08:58:54 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-04-17 08:58:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-16 00:43:46 63 --a------ C:\Windows\system\SysSD.dll
2007-04-16 00:43:19 1011712 --a------ C:\Windows\system32\VchReg.dll <Not Verified; Max Secure Software; Voucher Registration>
2007-04-16 00:43:19 270336 --a------ C:\Windows\system32\CheckDll.dll <Not Verified; Max Secure Software; Spyware Detector>
2007-04-16 00:43:17 0 d-------- C:\Program Files\SpywareDetector
2007-04-15 20:31:12 0 d-------- C:\Program Files\Lavasoft
2007-04-15 14:54:33 0 d-------- C:\Users\Joe\.housecall6.6
2007-04-15 14:44:42 0 d-------- C:\Users\All Users\CA
2007-04-15 14:44:31 0 d-------- C:\Program Files\Common Files\Scanner
2007-04-15 13:57:45 996 --a------ C:\Windows\system32\BlockedCookies
2007-04-15 13:51:31 86016 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-04-15 13:50:01 0 d-------- C:\Program Files\PrvDef4.0
2007-04-15 10:22:56 0 d-------- C:\Windows\BDOSCAN8
2007-04-13 22:17:16 125460 --a------ C:\Windows\system32\kjsdhdtj.dll
2007-04-10 14:06:39 0 dr------- C:\Users\Joe\Documents
2007-04-10 14:05:41 0 d-------- C:\Users\All Users\Adobe
2007-04-10 14:05:23 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-06 11:58:35 1168 --a------ C:\Windows\mozver.dat
2007-04-06 11:55:36 0 --a------ C:\Windows\nsreg.dat
2007-04-05 16:02:18 0 d-------- C:\Windows\Sun
2007-04-03 19:08:13 0 d-------- C:\Users\Public\Application Data
2007-04-03 18:50:33 0 d-------- C:\Users\All Users\Yahoo! Companion
2007-04-03 18:49:56 0 d-------- C:\Windows\system32\Macromed
2007-04-03 18:49:09 0 d-------- C:\Users\All Users\yahoo!
2007-04-03 18:46:18 0 d-------- C:\Program Files\MSN Messenger
2007-04-03 18:44:14 0 d-------- C:\Program Files\Yahoo!
2007-04-03 18:35:54 2936832 --a------ C:\Windows\system32\MA2_6.scr
2007-04-03 18:16:09 0 d-------- C:\Program Files\Java
2007-04-03 18:15:53 0 d-------- C:\Program Files\Common Files\Java
2007-04-03 18:14:55 0 d-------- C:\Users\All Users\DVD Shrink
2007-04-03 18:14:54 0 d-------- C:\Users\Joe\Desktop
2007-04-03 18:14:51 0 d-------- C:\Program Files\DVD Shrink
2007-04-03 17:47:26 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-04-03 17:47:26 0 d-------- C:\Program Files\ArcSoft
2007-04-03 17:46:37 0 d-------- C:\Users\All Users\EPSON
2007-04-03 17:43:52 495616 --a------ C:\Windows\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-04-03 17:43:52 73728 --a------ C:\Windows\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-04-03 17:43:52 77824 --a------ C:\Windows\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-04-03 17:43:51 45056 --a------ C:\Windows\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-04-03 17:43:51 73220 --a------ C:\Windows\system32\EPPICPrinterDB.dat
2007-04-03 17:43:51 1140 --a------ C:\Windows\system32\EPPICPresetData_PT.dat
2007-04-03 17:43:51 1130 --a------ C:\Windows\system32\EPPICPresetData_FR.dat
2007-04-03 17:43:51 1137 --a------ C:\Windows\system32\EPPICPresetData_ES.dat
2007-04-03 17:43:51 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat
2007-04-03 17:43:51 1130 --a------ C:\Windows\system32\EPPICPresetData_CF.dat
2007-04-03 17:43:51 1140 --a------ C:\Windows\system32\EPPICPresetData_BP.dat
2007-04-03 17:43:51 4943 --a------ C:\Windows\system32\EPPICPattern6.dat
2007-04-03 17:43:51 15670 --a------ C:\Windows\system32\EPPICPattern5.dat
2007-04-03 17:43:51 10673 --a------ C:\Windows\system32\EPPICPattern4.dat
2007-04-03 17:43:51 21021 --a------ C:\Windows\system32\EPPICPattern3.dat
2007-04-03 17:43:51 13280 --a------ C:\Windows\system32\EPPICPattern2.dat
2007-04-03 17:43:49 31053 --a------ C:\Windows\system32\EPPICPattern131.dat
2007-04-03 17:43:49 27417 --a------ C:\Windows\system32\EPPICPattern121.dat
2007-04-03 17:43:49 29114 --a------ C:\Windows\system32\EPPICPattern1.dat
2007-04-03 17:43:49 45056 --a------ C:\Windows\system32\EpPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2007-04-03 17:42:43 0 d-------- C:\epson
2007-04-03 17:32:08 0 d-------- C:\Program Files\epson
2007-04-03 17:17:05 22768 --a------ C:\Windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-04-03 15:50:49 0 d-------- C:\Windows\Panther
2007-04-03 15:50:32 0 d--hs---- C:\Boot
2007-04-03 15:20:59 0 d-------- C:\Program Files\Avanquest update
2007-04-03 15:19:40 0 d-------- C:\Users\All Users\BVRP Software
2007-04-03 15:19:40 0 d-------- C:\Program Files\Motorola Phone Tools
2007-04-03 15:19:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-03 15:17:05 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-03 14:58:29 0 d------c- C:\Windows\system32\DRVSTORE
2007-04-03 14:58:15 0 d-------- C:\Program Files\MSXML 4.0
2007-04-03 14:55:54 0 d-------- C:\Windows\SoftwareDistribution
2007-04-03 14:54:11 0 d-------- C:\Windows\Debug
2007-04-03 14:51:47 0 d-------- C:\Windows\Prefetch
2007-04-03 14:51:33 0 d--hs---- C:\System Volume Information
2007-04-03 14:45:05 12 --a------ C:\Windows\bthservsdp.dat
2007-04-03 14:39:49 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-04-03 14:35:24 0 d-------- C:\Windows\PCHEALTH
2007-04-03 14:35:19 0 d--hs---- C:\Windows\Installer
2007-04-03 14:26:57 0 -rahs---- C:\MSDOS.SYS
2007-04-03 14:26:57 0 -rahs---- C:\IO.SYS
2007-04-03 14:02:33 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\Templates
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\Start Menu
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\SendTo
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\Recent
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\PrintHood
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\NetHood
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\My Documents
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\Local Settings
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\Cookies
2007-04-03 13:08:50 0 d--hs---- C:\Users\Joe\Application Data
2007-04-03 13:08:48 2359296 --ahs---- C:\Users\Joe\NTUSER.DAT
2007-04-03 13:08:48 0 d--h----- C:\Users\Joe\AppData
-- Find3M Report ---------------------------------------------------------------
2007-04-29 22:53:35 0 d-------- C:\Users\Joe\AppData\Roaming\ieSpell
2007-04-28 17:04:28 0 d-------- C:\Program Files\MSBuild
2007-04-17 23:46:37 0 d-------- C:\Users\Joe\AppData\Roaming\SUPERAntiSpyware.com
2007-04-12 08:10:36 0 d-------- C:\Program Files\Windows Defender
2007-04-12 07:49:56 0 d-------- C:\Program Files\Windows Mail
2007-04-10 14:30:44 0 d-------- C:\Users\Joe\AppData\Roaming\Adobe
2007-04-08 16:48:14 0 d-------- C:\Users\Joe\AppData\Roaming\ArcSoft
2007-04-08 13:37:45 0 d-------- C:\Users\Joe\AppData\Roaming\LimeWire
2007-04-06 14:06:49 0 d-------- C:\Users\Joe\AppData\Roaming\Macromedia
2007-04-06 11:56:06 0 d-------- C:\Users\Joe\AppData\Roaming\Talkback
2007-04-06 11:55:29 0 d-------- C:\Users\Joe\AppData\Roaming\Mozilla
2007-04-03 19:08:14 0 d-------- C:\Users\Joe\AppData\Roaming\Vso
2007-04-03 19:08:14 34 --a------ C:\Users\Joe\AppData\Roaming\pcouffin.log
2007-04-03 19:07:30 7824 --a------ C:\Users\Joe\AppData\Roaming\pcouffin.cat
2007-04-03 19:05:01 0 d-------- C:\Users\Joe\AppData\Roaming\yahoo!
2007-04-03 18:19:40 0 d-------- C:\Users\Joe\AppData\Roaming\ImgBurn
2007-04-03 15:32:37 0 d-------- C:\Users\Joe\AppData\Roaming\InstallShield
2007-04-03 14:57:49 262 --a------ C:\Users\Joe\AppData\Roaming\WinssCookie.txt
2007-04-03 13:09:26 0 d-------- C:\Users\Joe\AppData\Roaming\Identities
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
{36E77F70-0C24-4156-9E0C-356577F51A31} C:\Windows\system32\kjsdhdtj.dll
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
{6C622D52-0612-414B-A063-105A614D396F} C:\Windows\system32\ddccyxv.dll [x]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SD_Tips"="iexplore http://www.spywaredetector.net/tips_vista.htm"
"SystemTraySD"="C:\\Program Files\\SpywareDetector\\SDSystemTray.exe -AUTO"
"SDAutoLiveupdate"="C:\\Program Files\\SpywareDetector\\LiveUpdateSD.exe -AUTO"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6C622D52-0612-414B-A063-105A614D396F}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\OneCareMP
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0Mcx2Svc\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0EMDMgmt\0TabletInputService\0wlansvc\0WPDBusEnum\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0ehstart\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WindowsMobile REG_MULTI_SZ wcescomm\0rapimgr\0\0
LocalServiceRestricted REG_MULTI_SZ WcesComm\0RapiMgr\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6687acd-e21c-11db-99e3-806e6f6e6963}]
shell\AutoRun\command F:\autorun.exe
-- End of Deckard's System Scanner: finished at 2007-05-01 at 10:23:55 ---------
And my searches are still being hijacked to the yahabags/homepage crap. It's not quite there yet.