[Americano]

Hi, first of all thanks for this forum, I sorted out my PC last year as a result of following your detailed instructions and I never even needed to post a HiJackThis log.

Now I am helping my friend and have followed the instructions, AVG, ATI, VUndoFix, Panda scan and already loads of stuff has been disinfected from her machine.

I have got to the end of the steps and there is still one problem in that a window keeps popping up with CiD and then a website such as www.888.com.

Also when I close the PC an error pops up, unable to close c:\~~\WAITGR~~.exe and then when I OK that a box opens up giving the option to terminate iexplore.exe. I don't know if this is connected to the CiD problem.

I have searched on Geeks to Go and there is a topic about CiD pop ups that requested a DSS scan so I am going to post that too.

Thanks in advance

Claire

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:40, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BT Total Broadband 220V\Help\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided by Wanadoo
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\matthew\LOCALS~1\Temp\{570A1544-AC80-4120-8EE2-58498F90B84D}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [popeq] C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Print Spooler Service (erpfqo6fuearuo) - Unknown owner - C:\WINDOWS\system32\cmdbkyhrsfxi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\system32\sgbxcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11438 bytes


Uninstall_list.txt

Adobe Flash Player 9
Adobe Reader 7.0.9
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BT Broadband Help
BT Broadband Talk Softphone 3.1
BT Home Hub
BT Home Hub USB Installer
BT Wireless Connection Manager
BT Yahoo! Applications
Companion Suite IH
Cypress USB Mass Storage Driver Installation
DivX
DivX Converter
DivX Converter
DivX Player
DVD Ripper Platinum 4
DVDFab Decrypter 3.0.5.0
Google Earth
HijackThis 2.0.2
Horrible Science
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Internet Access
iTunes
J2SE Runtime Environment 5.0 Update 3
KeyMaestro Input Device Driver V2.1.1-130AU MUL
Learn2 Player (Uninstall Only)
LiveUpdate 3.0 (Symantec Corporation)
Map Button (Windows Live Toolbar)
MCE Software Encoder 1.0
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Monopoly
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Napster
Network Play System (Patching)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
OCA Client history tool install
OLYMPUS CAMEDIA Master 4.0
OneCare Advisor (Windows Live Toolbar)
OneTouch
Panda Antivirus 2008
PaperPort
PC Connectivity Solution
Philips Media Manager 3.2.1.0004
Popup Blocker (Windows Live Toolbar)
Power2Go 4.0
PowerDVD
Quake 3 Arena Demo
QuickTime
Ralink Wireless LAN Card
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Roll
Roxio Burn Engine
Samsung PC Studio 2.1
Samsung USB Driver (MCCI 4.24)
Screensavers Installer Version 2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Shockwave
SiSRaidPackage
Smart Menus (Windows Live Toolbar)
Sonic 3D
Sony Ericsson PC Suite
Sony Picture Utility
Sony USB Driver
SpeedTouch USB Software
Starware316 4.4.1.0
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Tarzan Action Game
The Sims 2
The Sims 2 Pets
The Sims Makin' Magic
Tomb Raider II
Tonka Raceway
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Storage Adapter FX (SM1)
Viewpoint Media Player
Wanadoo Search Toolbar
Who Wants To Be A Millionaire Cereal Demo One
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Zoo Tycoon 2

From DSS scan

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.48 MiB / 1400.47 MiB
Pagefile Memory (total/avail): 3942.52 MiB / 3418.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.44 MiB

C: is Fixed (NTFS) - 271.73 GiB total, 120.46 GiB free.
D: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L300S0 - 279.47 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 271.73 GiB - C:
\PARTITION1 - Unknown - 4.75 GiB

\\.\PHYSICALDRIVE1 - Generic CF Reader USB Device

\\.\PHYSICALDRIVE2 - Generic SM/SD/MS Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Panda Antivirus 2008 v3.00.00 (Panda Security) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe"="C:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe:*:Enabled:Philips Media Manager"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Disabled:Yahoo! Browser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Q3Ademo\\quake3.exe"="C:\\Q3Ademo\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\sgbxcoms.exe"="C:\\WINDOWS\\system32\\sgbxcoms.exe:*:Disabled:Crystal Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\matthew\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-644E19B0BC
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\matthew
LOGONSERVER=\\YOUR-644E19B0BC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Panda Security\Panda Antivirus 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\matthew\LOCALS~1\Temp
TMP=C:\DOCUME~1\matthew\LOCALS~1\Temp
USERDOMAIN=YOUR-644E19B0BC
USERNAME=matthew
USERPROFILE=C:\Documents and Settings\matthew
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

fiona (admin)
matthew (admin)
samantha (admin)
matty's (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> C:\PROGRA~1\BTTOTA~1\Help\Uninstall.exe btbb
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\WINDOWS\system32\WSBar.dll,VoilaBarUnInstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51067386-0D0C-4F6C-97F5-E308D6D413D8}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BT Broadband Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Broadband Talk Softphone 3.1 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
BT Home Hub USB Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{118C26B8-5205-4CB1-B09B-221682FF414D}\Setup.exe"
BT Wireless Connection Manager --> C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Companion Suite IH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD1861B-11C6-44FD-8265-6820E499BCAF}\Setup.exe" -l0x9
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Ripper Platinum 4 --> C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
DVDFab Decrypter 3.0.5.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Horrible Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D049E2F-F15E-40A7-BEDD-CF3C84C6C720}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Internet Access --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75AECBC5-B17D-424B-B847-D7B72B6CB97C}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
KeyMaestro Input Device Driver V2.1.1-130AU MUL --> C:\WINDOWS\system32\KmRemove.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MCE Software Encoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Monopoly --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}\Setup.exe" -l0x9
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
OCA Client history tool install --> "C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
OLYMPUS CAMEDIA Master 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
OneTouch --> C:\PROGRA~1\COMPAN~2\UNWISE.EXE /S C:\PROGRA~1\COMPAN~2\Install.log
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\Setup.exe" -l0x9 -removeonly
PaperPort --> MsiExec.exe /I{DF4C31CF-0EED-4680-873F-F6AD64E21B46}
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Philips Media Manager 3.2.1.0004 --> C:\Program Files\Philips\Media Manager\uninstall.exe
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quake 3 Arena Demo --> C:\WINDOWS\unvise32.exe c:\Q3Ademo\uninstal.log
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Samsung PC Studio 2.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE} /l1033
Samsung USB Driver (MCCI 4.24) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
SiSRaidPackage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic 3D --> C:\Sega\Sonic3D\directx\setup /r
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Starware316 4.4.1.0 --> C:\Program Files\Starware316\Starware316Uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Tarzan Action Game --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TARZAN~1\DeIsL1.isu
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims Makin' Magic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}\setup.exe" -l0009
Tomb Raider II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Core Design\Tomb Raider II\Uninst.isu"
Tonka Raceway --> C:\HASBRO\TONKA_RACEWAY\Uninstall_Tonka_Raceway.EXE
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wanadoo Search Toolbar --> C:\Program Files\Wanadoo\WSBar\Uninstall.exe
Who Wants To Be A Millionaire Cereal Demo One --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B38E6B2E-B798-4DAE-B9BD-6204F91F294A}\setup.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf

Edited by Americano, 06 February 2008 - 07:09 AM.

[Advertisements]

Hi Americano,
My name is Harry and we will get you fixed up there. Please note that due to a very busy schedule right now there might be some delay in my replies.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Harry

[harrythook]

Hi Americano,
My name is Harry and we will get you fixed up there. Please note that due to a very busy schedule right now there might be some delay in my replies.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Harry

[Americano]

Hi Harry,
Thanks so much for your reply, I appreciate your help.

Here is my combo fix log and HiJackThis log.

ComboFix 08-02.05.3 - matthew 2008-02-09 14:38:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1446 [GMT 0:00]
Running from: C:\Documents and Settings\matthew\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\U0055A71F.exe
C:\Documents and Settings\matthew\Application Data\FunWebProducts
C:\Documents and Settings\matthew\Application Data\HbTools
C:\Documents and Settings\matthew\Application Data\HbTools\HbTools.log
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\221540.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\3251993.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\351469.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\3852962.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\819382.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\12457
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\127887
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15436
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16204
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17040
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18906
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25469
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34174
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35047
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\402452
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\403305
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\427075
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44323
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\459338
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\537396
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\540999
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\592031
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\608961
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61194
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64517
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68031
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\702289
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\713199
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\74398
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\753196
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79824
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82292
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\873
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\89200
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90358
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\94407
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97741
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\3585.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\matthew\Application Data\HbTools_Icons
C:\Documents and Settings\matthew\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\matthew\Application Data\HbTools_Icons\Software_Online_9.ico
C:\Documents and Settings\matthew\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\matthew\Application Data\Starware316
C:\Documents and Settings\matthew\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\matthew\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\PitchLayout.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Tem54B.tmp
C:\Documents and Settings\matthew\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\HbTools
C:\Documents and Settings\matty's\Application Data\HbTools\HbTools.log
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\3893245.sdf
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\427075
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\35d6.dat
C:\Documents and Settings\matty's\Application Data\Starware316
C:\Documents and Settings\matty's\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\matty's\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0040B60A.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0054CB75.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Starware316
C:\Program Files\Starware316\brand.bmp
C:\Program Files\Starware316\icons\star_16.ico
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\Starware316\Starware316Uninstall.exe

----- BITS: Possible infected sites -----

hxxp://au.downõj+|�C�ü¤Ì›v÷+È@™JŸ:®½‰NêGD_©½ºD˜QÄ{¶ÀzÎtç �Ò»ÌHžG†.�XóÆ…4ÌÅ
p€D¨ ÄŒWôÇ€WU Client Download


S-1-5-18
`
€HT4?

?
 



6ÚVwoQZC¬¬D¢HÿóM
XC:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\mainwwsp1.cab„
hxxp://au.down
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-06 12:35 . 2008-02-06 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 12:31 . 2008-02-06 12:31 <DIR> d-------- C:\Deckard
2008-01-29 16:04 . 2008-01-29 16:04 <DIR> d-------- C:\Program Files\Motive
2008-01-29 16:04 . 2008-01-29 16:07 <DIR> d-------- C:\Program Files\BT Total Broadband 220V
2008-01-29 14:42 . 2008-01-29 15:44 <DIR> d-------- C:\Program Files\Motive(2)
2008-01-26 17:19 . 2008-01-26 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-26 17:16 . 2008-01-26 17:21 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-01-26 17:16 . 2008-01-26 17:16 <DIR> d-------- C:\Program Files\Panda Security
2008-01-26 17:16 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-01-26 17:16 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-01-26 17:16 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-01-26 17:16 . 2008-01-26 17:16 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-01-26 14:08 . 2008-01-29 16:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\SUPERAntiSpyware.com
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 11:42 . 2008-01-26 11:42 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Grisoft
2008-01-26 11:42 . 2008-01-26 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 19:27 . 2008-01-21 19:27 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Windows Live Writer
2008-01-19 20:18 . 2008-01-19 20:23 88 --a------ C:\WINDOWS\cdplayer.ini
2008-01-19 20:17 . 2008-01-19 20:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 20:17 . 2008-01-19 20:17 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Talkback
2008-01-19 18:52 . 2008-01-19 18:52 <DIR> d-------- C:\Program Files\iPod
2008-01-14 20:23 . 2008-01-14 20:23 <DIR> d-------- C:\Program Files\third flap bash
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 13:05 . 2008-01-10 13:05 586,240 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 17:41 --------- d-----w C:\Documents and Settings\matthew\Application Data\Yahoo!
2008-01-29 16:05 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-29 16:04 --------- d-----w C:\Program Files\BT Home Hub
2008-01-26 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 20:17 --------- d-----w C:\Program Files\Real
2008-01-19 20:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-19 18:52 --------- d-----w C:\Program Files\iTunes
2008-01-19 18:51 --------- d-----w C:\Program Files\QuickTime
2008-01-14 20:24 --------- d-----w C:\Documents and Settings\matthew\Application Data\third flap bash
2008-01-14 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2007-12-30 22:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-30 12:57 --------- d-----w C:\Program Files\Symantec
2007-12-30 11:27 --------- d-----w C:\Program Files\Alwil Software
2007-12-29 14:11 6,880 ----a-w C:\Documents and Settings\matthew\Application Data\wklnhst.dat
2007-12-26 16:16 --------- d-----w C:\Documents and Settings\matty's\Application Data\Teleca
2007-12-26 16:15 --------- d-----w C:\Documents and Settings\matty's\Application Data\PC Suite
2007-12-26 16:14 --------- d-----w C:\Documents and Settings\matty's\Application Data\Sony Ericsson
2007-12-26 15:24 --------- d-----w C:\Documents and Settings\matthew\Application Data\LimeWire
2007-12-26 15:23 --------- d-----w C:\Documents and Settings\matthew\Application Data\Nokia
2007-12-26 15:12 --------- d-----w C:\Documents and Settings\matthew\Application Data\PC Suite
2007-12-26 15:05 --------- d-----w C:\Documents and Settings\matthew\Application Data\Nokia Multimedia Player
2007-12-26 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 14:24 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 14:24 --------- d-----w C:\Program Files\Nokia
2007-12-26 14:24 --------- d-----w C:\Program Files\DIFX
2007-12-26 14:24 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-26 14:24 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-25 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 21:06 --------- d-----w C:\Documents and Settings\matthew\Application Data\Teleca
2007-12-25 11:35 --------- d-----w C:\Documents and Settings\matthew\Application Data\Sony Ericsson
2007-12-25 11:24 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-25 11:24 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-25 11:24 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-19 11:45 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 11:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 11:45 --------- d-----w C:\Program Files\Circle Developement
2007-12-12 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-06-16 07:49 128 ----a-w C:\Documents and Settings\matty's\Application Data\wklnhst.dat
2006-05-13 15:12 430 ----a-w C:\Documents and Settings\fiona\Application Data\wklnhst.dat
2003-08-27 21:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2006-07-28 13:04 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"popeq"="C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe" [2008-01-14 20:22 456704]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"Motive SmartBridge"="C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2004-12-09 12:02 421888]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 20:16 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 19:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Start Menu&

Edited by Americano, 09 February 2008 - 09:08 AM.

[harrythook]

Hey Americano

The log got cut off there, you may have to put it into two replies.
Get me the entire log please.

Harry

[Americano]

Sorry about that Harry.

I'll try again.

Here goes with the HiJackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:27, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Total Broadband 220V\Help\bin\mpbtn.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [popeq] C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Print Spooler Service (erpfqo6fuearuo) - Unknown owner - C:\WINDOWS\system32\cmdbkyhrsfxi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\system32\sgbxcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10822 bytes

[Americano]

And here is the ComboFix log.

Once again I do appreciate your help very much.

Thanks

ComboFix 08-02.05.3 - matthew 2008-02-09 14:38:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1446 [GMT 0:00]
Running from: C:\Documents and Settings\matthew\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\U0055A71F.exe
C:\Documents and Settings\matthew\Application Data\FunWebProducts
C:\Documents and Settings\matthew\Application Data\HbTools
C:\Documents and Settings\matthew\Application Data\HbTools\HbTools.log
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\1.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\1065003.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\221540.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\3251993.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\351469.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\3852962.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\819382.sdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\domains.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\12457
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\127887
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\15436
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\16204
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\17040
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\18906
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\23901
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\25469
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34174
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\35047
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\402452
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\403305
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\427075
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\44323
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\459338
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\537396
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\540999
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\592031
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\608961
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61194
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\64517
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\67226
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\68031
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\702289
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\713199
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\74398
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\753196
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\79824
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\82292
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\873
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\89200
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\90358
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\94407
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\97741
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\3585.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\ads.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\btntrans.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\btntrans1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\business_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\buttondir.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\components.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_buttons_other.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\d_icons_weather.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\default.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_511745-514279.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz1.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz10.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz11.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz12.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz13.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz14.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz15.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz16.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz17.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz18.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz19.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz2.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz20.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz3.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz4.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz5.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz6.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz7.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz8.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_bidz9.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_categorize.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_comparison.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_explorer-people.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_favorites.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Games.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hide.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Hotmail.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_hsskin.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemster.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsterie.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_jobsearch.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_new.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_reun.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_ringtones.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchfor.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_searchgo.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_weather.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Default_yellowpages.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\email-t1-bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\hotbar-premium.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\hotbar_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\icons2.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\keywords.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\keywords1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\layout.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\linkpathlegal.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\progress.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\s_icons_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\sales_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\t2_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\top7.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\Top7_theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\1\tsd_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\ads.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\btntrans.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\btntrans1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\business_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\buttondir.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\components.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_buttons_other.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\d_icons_weather.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\default.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_511745-514279.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz1.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz10.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz11.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz12.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz13.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz14.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz15.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz16.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz17.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz18.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz19.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz2.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz20.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz3.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz4.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz5.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz6.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz7.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz8.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_bidz9.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_categorize.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_comparison.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_explorer-people.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_favorites.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Games.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hide.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Hotmail.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_hsskin.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemster.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsterie.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_jobsearch.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_Mails.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_new.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_reun.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_ringtones.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchfor.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_searchgo.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_weather.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Default_yellowpages.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-548964.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\email-t1-bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\progress.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip
C:\Documents and Settings\matthew\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\matthew\Application Data\HbTools_Icons
C:\Documents and Settings\matthew\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\matthew\Application Data\HbTools_Icons\Software_Online_9.ico
C:\Documents and Settings\matthew\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\matthew\Application Data\Starware316
C:\Documents and Settings\matthew\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\matthew\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\PitchLayout.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Tem54B.tmp
C:\Documents and Settings\matthew\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\matthew\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\matthew\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\HbTools
C:\Documents and Settings\matty's\Application Data\HbTools\HbTools.log
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\3893245.sdf
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\27503
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34123
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\34186
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\427075
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\52335
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\TooltipXML\61779
C:\Documents and Settings\matty's\Application Data\HbTools\v3.0\HbTools\dynamic\ustat\35d6.dat
C:\Documents and Settings\matty's\Application Data\Starware316
C:\Documents and Settings\matty's\Application Data\Starware316\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\matty's\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Configurator\Configurator.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Configurator\Configurator.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Layouts\ToolbarLayout.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Manager\ManagerOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Reference\ReferenceOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\matty's\Application Data\Starware316\Weather\AlertArchive.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Weather\WeatherOptions.xml
C:\Documents and Settings\matty's\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0040B60A.urr
C:\Program Files\FunWebProducts\ScreenSaver\Images\0054CB75.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Starware316
C:\Program Files\Starware316\brand.bmp
C:\Program Files\Starware316\icons\star_16.ico
C:\Program Files\Starware316\Starware316Config.xml
C:\Program Files\Starware316\Starware316Uninstall.exe

----- BITS: Possible infected sites -----

hxxp://au.downõj+|�C�ü¤Ì›v÷+È@™JŸ:®½‰NêGD_©½ºD˜QÄ{¶ÀzÎtç �Ò»ÌHžG†.�XóÆ…4ÌÅ
p€D¨ ÄŒWôÇ€WU Client Download


S-1-5-18
`
€HT4?

?
 



6ÚVwoQZC¬¬D¢HÿóM
XC:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\mainwwsp1.cab„
hxxp://au.down
.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-06 12:35 . 2008-02-06 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 12:31 . 2008-02-06 12:31 <DIR> d-------- C:\Deckard
2008-01-29 16:04 . 2008-01-29 16:04 <DIR> d-------- C:\Program Files\Motive
2008-01-29 16:04 . 2008-01-29 16:07 <DIR> d-------- C:\Program Files\BT Total Broadband 220V
2008-01-29 14:42 . 2008-01-29 15:44 <DIR> d-------- C:\Program Files\Motive(2)
2008-01-26 17:19 . 2008-01-26 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-26 17:16 . 2008-01-26 17:21 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-01-26 17:16 . 2008-01-26 17:16 <DIR> d-------- C:\Program Files\Panda Security
2008-01-26 17:16 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-01-26 17:16 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-01-26 17:16 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-01-26 17:16 . 2008-01-26 17:16 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-01-26 14:08 . 2008-01-29 16:40 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\SUPERAntiSpyware.com
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 11:42 . 2008-01-26 11:42 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Grisoft
2008-01-26 11:42 . 2008-01-26 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 19:27 . 2008-01-21 19:27 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Windows Live Writer
2008-01-19 20:18 . 2008-01-19 20:23 88 --a------ C:\WINDOWS\cdplayer.ini
2008-01-19 20:17 . 2008-01-19 20:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 20:17 . 2008-01-19 20:17 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Talkback
2008-01-19 18:52 . 2008-01-19 18:52 <DIR> d-------- C:\Program Files\iPod
2008-01-14 20:23 . 2008-01-14 20:23 <DIR> d-------- C:\Program Files\third flap bash
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 13:05 . 2008-01-10 13:05 586,240 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 17:41 --------- d-----w C:\Documents and Settings\matthew\Application Data\Yahoo!
2008-01-29 16:05 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-29 16:04 --------- d-----w C:\Program Files\BT Home Hub
2008-01-26 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 20:17 --------- d-----w C:\Program Files\Real
2008-01-19 20:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-19 18:52 --------- d-----w C:\Program Files\iTunes
2008-01-19 18:51 --------- d-----w C:\Program Files\QuickTime
2008-01-14 20:24 --------- d-----w C:\Documents and Settings\matthew\Application Data\third flap bash
2008-01-14 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2007-12-30 22:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-30 12:57 --------- d-----w C:\Program Files\Symantec
2007-12-30 11:27 --------- d-----w C:\Program Files\Alwil Software
2007-12-29 14:11 6,880 ----a-w C:\Documents and Settings\matthew\Application Data\wklnhst.dat
2007-12-26 16:16 --------- d-----w C:\Documents and Settings\matty's\Application Data\Teleca
2007-12-26 16:15 --------- d-----w C:\Documents and Settings\matty's\Application Data\PC Suite
2007-12-26 16:14 --------- d-----w C:\Documents and Settings\matty's\Application Data\Sony Ericsson
2007-12-26 15:24 --------- d-----w C:\Documents and Settings\matthew\Application Data\LimeWire
2007-12-26 15:23 --------- d-----w C:\Documents and Settings\matthew\Application Data\Nokia
2007-12-26 15:12 --------- d-----w C:\Documents and Settings\matthew\Application Data\PC Suite
2007-12-26 15:05 --------- d-----w C:\Documents and Settings\matthew\Application Data\Nokia Multimedia Player
2007-12-26 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 14:24 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 14:24 --------- d-----w C:\Program Files\Nokia
2007-12-26 14:24 --------- d-----w C:\Program Files\DIFX
2007-12-26 14:24 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-26 14:24 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-25 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 21:06 --------- d-----w C:\Documents and Settings\matthew\Application Data\Teleca
2007-12-25 11:35 --------- d-----w C:\Documents and Settings\matthew\Application Data\Sony Ericsson
2007-12-25 11:24 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-25 11:24 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-25 11:24 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-19 11:45 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 11:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 11:45 --------- d-----w C:\Program Files\Circle Developement
2007-12-12 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-06-16 07:49 128 ----a-w C:\Documents and Settings\matty's\Application Data\wklnhst.dat
2006-05-13 15:12 430 ----a-w C:\Documents and Settings\fiona\Application Data\wklnhst.dat
2003-08-27 21:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2006-07-28 13:04 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"popeq"="C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe" [2008-01-14 20:22 456704]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-31 17:11 2478080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-07-19 15:23 455984]
"Motive SmartBridge"="C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2004-12-09 12:02 421888]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 20:16 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 19:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\

[harrythook]

OK Americano,
You still lost a bunch of the log, no worry though

Do this:
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Add a fresh HJT log and post it up, I'll look at it in the morning

Harry

[Americano]

Morning Harry

I can't believe I lost some of the log again. I really did check to make sure it was all there!


I have done the DSS scan. Only main.txt opened up. I ran it the other day before my original post as I had seen other members had been asked to run it. It created both files the other day so I can't understand why i hasn't created extra.txt today.


Main.txt

Deckard's System Scanner v20071014.68
Run by matthew on 2008-02-10 09:37:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as matthew.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:37:08, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Total Broadband 220V\Help\bin\mpbtn.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Documents and Settings\matthew\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\matthew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [popeq] C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Print Spooler Service (erpfqo6fuearuo) - Unknown owner - C:\WINDOWS\system32\cmdbkyhrsfxi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\system32\sgbxcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10879 bytes

-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-09 14:37:47 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-09 14:37:47 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-09 14:37:47 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-09 14:37:47 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-09 14:37:47 51200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-06 12:35:08 0 d-------- C:\Program Files\Trend Micro
2008-01-29 16:04:44 0 d-------- C:\Program Files\Motive
2008-01-29 16:04:44 0 d-------- C:\Program Files\BT Total Broadband 220V
2008-01-29 14:42:27 0 d-------- C:\Program Files\Motive(2)
2008-01-28 17:18:54 7077888 --a------ C:\Documents and Settings\matthew\ntuser.dat
2008-01-26 17:19:17 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-26 17:16:55 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-01-26 17:16:51 0 d-------- C:\WINDOWS\system32\PAV
2008-01-26 17:16:36 0 d-------- C:\Program Files\Panda Security
2008-01-26 14:08:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 14:08:48 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 14:08:48 0 d-------- C:\Documents and Settings\matthew\Application Data\SUPERAntiSpyware.com
2008-01-26 14:08:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 13:47:19 0 d-------- C:\WINDOWS\pss
2008-01-26 11:42:47 0 d-------- C:\Documents and Settings\matthew\Application Data\Grisoft
2008-01-26 11:42:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 19:33:46 0 d-------- C:\Documents and Settings\matty's\Application Data\Real
2008-01-21 19:27:57 0 d-------- C:\Documents and Settings\matthew\Application Data\Windows Live Writer
2008-01-19 20:17:44 0 d-------- C:\Documents and Settings\matthew\Application Data\Talkback
2008-01-19 20:17:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-01-19 20:17:38 0 d-------- C:\Documents and Settings\matthew\Application Data\Mozilla
2008-01-19 20:17:14 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-19 20:16:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
2008-01-19 20:11:34 0 d-------- C:\Documents and Settings\matthew\Application Data\Real
2008-01-19 18:52:21 0 d-------- C:\Program Files\iPod
2008-01-14 20:23:02 0 d-------- C:\Program Files\third flap bash
2008-01-10 13:05:38 586240 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Find3M Report ---------------------------------------------------------------

2008-01-30 17:41:52 0 d-------- C:\Documents and Settings\matthew\Application Data\Yahoo!
2008-01-29 16:05:18 0 d-------- C:\Program Files\Common Files\Motive
2008-01-29 16:04:37 0 d-------- C:\Program Files\BT Home Hub
2008-01-26 17:16:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 14:08:30 0 d-------- C:\Program Files\Common Files
2008-01-24 20:08:10 448085 --a------ C:\Documents and Settings\matthew\Application Data\NMM-MetaData.db
2008-01-19 20:17:12 0 d-------- C:\Program Files\Real
2008-01-19 20:17:06 0 d-------- C:\Program Files\Common Files\Real
2008-01-19 18:52:36 0 d-------- C:\Program Files\iTunes
2008-01-19 18:51:06 0 d-------- C:\Program Files\QuickTime
2008-01-14 20:24:14 0 d-------- C:\Documents and Settings\matthew\Application Data\third flap bash
2007-12-30 22:32:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 12:57:44 0 d-------- C:\Program Files\Symantec
2007-12-30 11:27:44 0 d-------- C:\Program Files\Alwil Software
2007-12-29 14:11:17 6880 --a------ C:\Documents and Settings\matthew\Application Data\wklnhst.dat
2007-12-26 15:24:00 0 d-------- C:\Documents and Settings\matthew\Application Data\LimeWire
2007-12-26 15:23:04 0 d-------- C:\Documents and Settings\matthew\Application Data\Nokia
2007-12-26 15:12:00 0 d-------- C:\Documents and Settings\matthew\Application Data\PC Suite
2007-12-26 15:05:14 0 d-------- C:\Documents and Settings\matthew\Application Data\Nokia Multimedia Player
2007-12-26 14:24:55 0 d-------- C:\Program Files\Common Files\Nokia
2007-12-26 14:24:54 0 d-------- C:\Program Files\Common Files\PCSuite
2007-12-26 14:24:53 0 d-------- C:\Program Files\Nokia
2007-12-26 14:24:40 0 d-------- C:\Program Files\DIFX
2007-12-26 14:24:33 0 d-------- C:\Program Files\PC Connectivity Solution
2007-12-25 21:06:13 0 d-------- C:\Documents and Settings\matthew\Application Data\Teleca
2007-12-25 11:35:53 0 d-------- C:\Documents and Settings\matthew\Application Data\Sony Ericsson
2007-12-25 11:24:31 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-25 11:24:30 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-25 11:24:08 0 d-------- C:\Program Files\Sony Ericsson
2007-12-19 11:45:53 0 d-------- C:\Program Files\MSN Messenger
2007-12-19 11:45:53 0 d-------- C:\Program Files\Messenger Plus! Live
2007-12-19 11:45:53 0 d-------- C:\Program Files\Circle Developement
2007-12-03 21:25:08 1324 --a----c- C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [19/07/2007 15:23]
"Motive SmartBridge"="C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe" [09/12/2004 12:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19/01/2008 20:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 19:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 11:39]
"popeq"="C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe" [14/01/2008 20:22]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [31/08/2005 17:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Help.lnk - C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe [29/01/2008 16:04:46]
FreeventsSchedule.lnk - C:\Freevents\FreeventsSchedule.exe [13/01/2006 12:13:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 15/02/2007 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Demo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Demo.lnk
backup=C:\WINDOWS\pss\AOL Demo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FreeventsSchedule.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FreeventsSchedule.lnk
backup=C:\WINDOWS\pss\FreeventsSchedule.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^matthew^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\matthew\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTAgile]
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]
"C:\Program Files\KMaestro\KMaestro.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbkyhrsfxi]
C:\WINDOWS\system32\cmdbkyhrsfxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flag Owns Live Grim]
C:\Documents and Settings\All Users\Application Data\Software rule flag owns\ooze long.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frontier]
"C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1176579861\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFPrintServer]
"C:\Program Files\Companion Suite IH\MFPrintServer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFServices]
"C:\Program Files\Companion Suite IH\MFServices.exe" -n

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
"C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\popeq]
C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
C:\WINDOWS\SM1BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TGX2_VFD]
"C:\WINDOWS\system32\TGVFDMsgservice.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-02-10 09:37:34 ------------

[Americano]

This is the extra.txt file I got from the other day. Nothing i try will make DSS create one today. Hope it is ok

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.48 MiB / 1400.47 MiB
Pagefile Memory (total/avail): 3942.52 MiB / 3418.97 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1889.44 MiB

C: is Fixed (NTFS) - 271.73 GiB total, 120.46 GiB free.
D: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L300S0 - 279.47 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 271.73 GiB - C:
\PARTITION1 - Unknown - 4.75 GiB

\\.\PHYSICALDRIVE1 - Generic CF Reader USB Device

\\.\PHYSICALDRIVE2 - Generic SM/SD/MS Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Panda Antivirus 2008 v3.00.00 (Panda Security) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe"="C:\\Program Files\\Philips\\Media Manager\\Philips Media Manager.exe:*:Enabled:Philips Media Manager"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"="C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe:*:Disabled:Yahoo! Browser"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Q3Ademo\\quake3.exe"="C:\\Q3Ademo\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\sgbxcoms.exe"="C:\\WINDOWS\\system32\\sgbxcoms.exe:*:Disabled:Crystal Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\matthew\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-644E19B0BC
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\matthew
LOGONSERVER=\\YOUR-644E19B0BC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Panda Security\Panda Antivirus 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\matthew\LOCALS~1\Temp
TMP=C:\DOCUME~1\matthew\LOCALS~1\Temp
USERDOMAIN=YOUR-644E19B0BC
USERNAME=matthew
USERPROFILE=C:\Documents and Settings\matthew
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

fiona (admin)
matthew (admin)
samantha (admin)
matty's (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> C:\PROGRA~1\BTTOTA~1\Help\Uninstall.exe btbb
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
--> RunDll32 C:\WINDOWS\system32\WSBar.dll,VoilaBarUnInstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem --> agrsmdel
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Spyware Protection --> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51067386-0D0C-4F6C-97F5-E308D6D413D8}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BT Broadband Help --> C:\WINDOWS\Motive\btbb\MCCUninst.exe
BT Broadband Talk Softphone 3.1 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Home Hub --> C:\Program Files\BT Home Hub\Uninstall.exe
BT Home Hub USB Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{118C26B8-5205-4CB1-B09B-221682FF414D}\Setup.exe"
BT Wireless Connection Manager --> C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Companion Suite IH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD1861B-11C6-44FD-8265-6820E499BCAF}\Setup.exe" -l0x9
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Ripper Platinum 4 --> C:\Program Files\Xilisoft\DVD Ripper Platinum 4\Uninstall.exe
DVDFab Decrypter 3.0.5.0 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Horrible Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D049E2F-F15E-40A7-BEDD-CF3C84C6C720}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Internet Access --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75AECBC5-B17D-424B-B847-D7B72B6CB97C}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
KeyMaestro Input Device Driver V2.1.1-130AU MUL --> C:\WINDOWS\system32\KmRemove.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MCE Software Encoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Monopoly --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7E7EC5E-4349-4E40-B37C-4342188B86EC}\Setup.exe" -l0x9
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite --> MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
OCA Client history tool install --> "C:\WINDOWS\$UninstallOCA-X86Fre-ENU$\spuninst\spuninst.exe"
OLYMPUS CAMEDIA Master 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\Setup.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
OneTouch --> C:\PROGRA~1\COMPAN~2\UNWISE.EXE /S C:\PROGRA~1\COMPAN~2\Install.log
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\Setup.exe" -l0x9 -removeonly
PaperPort --> MsiExec.exe /I{DF4C31CF-0EED-4680-873F-F6AD64E21B46}
PC Connectivity Solution --> MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Philips Media Manager 3.2.1.0004 --> C:\Program Files\Philips\Media Manager\uninstall.exe
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quake 3 Arena Demo --> C:\WINDOWS\unvise32.exe c:\Q3Ademo\uninstal.log
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Roxio Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Samsung PC Studio 2.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE} /l1033
Samsung USB Driver (MCCI 4.24) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
SiSRaidPackage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic 3D --> C:\Sega\Sonic3D\directx\setup /r
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Starware316 4.4.1.0 --> C:\Program Files\Starware316\Starware316Uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Tarzan Action Game --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\TARZAN~1\DeIsL1.isu
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims Makin' Magic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}\setup.exe" -l0009
Tomb Raider II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Core Design\Tomb Raider II\Uninst.isu"
Tonka Raceway --> C:\HASBRO\TONKA_RACEWAY\Uninstall_Tonka_Raceway.EXE
Update for Office 2007 (KB932080) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Update for Word 2007 (KB934173) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wanadoo Search Toolbar --> C:\Program Files\Wanadoo\WSBar\Uninstall.exe
Who Wants To Be A Millionaire Cereal Demo One --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B38E6B2E-B798-4DAE-B9BD-6204F91F294A}\setup.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf

[Americano]

And finally here is a new HJT log.

Thanks again.

Claire


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:13, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Total Broadband 220V\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [popeq] C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Print Spooler Service (erpfqo6fuearuo) - Unknown owner - C:\WINDOWS\system32\cmdbkyhrsfxi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\system32\sgbxcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10858 bytes

[harrythook]

Ok Americano,
Lets do this:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Next:
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Post the results

Harry

[Americano]

Hello again Harry,

thanks for your reply.

Here is the result of the SDFix log and HJT log. I'll post the SmitFraud in a minute.


SDFix: Version 1.140

Run by matthew on 10/02/2008 at 16:23

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
erpfqo6fuearuo

Path:
C:\WINDOWS\system32\cmdbkyhrsfxi.exe /service

erpfqo6fuearuo - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 16:33:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007d
"TracesSuccessful"=dword:00000032

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 414


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sgbxcoms.exe"="C:\\WINDOWS\\system32\\sgbxcoms.exe:*:Disabled:Crystal Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 26 Jan 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Wed 26 Jan 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 26 Jan 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Wed 26 Jan 2005 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Wed 26 Jan 2005 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Wed 26 Jan 2005 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 28 Jul 2006 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 27 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 22 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Sat 10 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 14 Apr 2007 4,073 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT4.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT7.tmp"
Sun 10 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT5.tmp"
Sun 10 Feb 2008 5,692 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp"
Sun 10 Feb 2008 5,946 A.SH. --- "C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE3.tmp"
Wed 6 Jun 2007 5,735 A.SH. --- "C:\Documents and Settings\matthew\Application Data\Roxio\Dragon\DiscInfoCache\PHILIPS__DVDR1628P1_______Q2.2_300_DICV017_DRGV2000027.TMP"
Sat 21 Oct 2006 5,436,464 A..H. --- "C:\Deckard\System Scanner\20080210093703\backup\DOCUME~1\matthew\LOCALS~1\Temp\dn227.tmp"
Mon 10 Sep 2007 6,514,795 A..H. --- "C:\Deckard\System Scanner\20080210093703\backup\DOCUME~1\matthew\LOCALS~1\Temp\dn229F.tmp"
Wed 31 Jan 2007 60,201,096 A..H. --- "C:\Deckard\System Scanner\20080210093703\backup\DOCUME~1\matthew\LOCALS~1\Temp\dn246.tmp"
Mon 25 Sep 2006 49,647,932 A..H. --- "C:\Deckard\System Scanner\20080210093703\backup\DOCUME~1\matthew\LOCALS~1\Temp\dn257.tmp"
Wed 6 Jun 2007 4,581,134 A..H. --- "C:\Deckard\System Scanner\20080210093703\backup\DOCUME~1\matthew\LOCALS~1\Temp\dn2F6.tmp"

Finished!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:07, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BT Total Broadband 220V\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.client...arch.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [popeq] C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Total Broadband 220V\Help\bin\matcli.exe
O4 - Global Startup: FreeventsSchedule.lnk = C:\Freevents\FreeventsSchedule.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrad...raderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\system32\sgbxcoms.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10749 bytes

[Americano]

And here is the SmitFraud...

SmitFraudFix v2.286

Scan done at 16:46:42.57, 10/02/2008
Run from C:\Documents and Settings\matthew\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BT Total Broadband 220V\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\matthew


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\matthew\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\matthew\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: BT Voyager 220V USB Remote NDIS Device - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: BT Voyager 220V USB Remote NDIS Device - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7BE0FD66-2428-49FA-9C24-4994798A4EBB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A851DAF5-172A-4F3C-9823-258FC5A183A9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7BE0FD66-2428-49FA-9C24-4994798A4EBB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A851DAF5-172A-4F3C-9823-258FC5A183A9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7BE0FD66-2428-49FA-9C24-4994798A4EBB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A851DAF5-172A-4F3C-9823-258FC5A183A9}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[harrythook]

Looking better Claire

Lets run Combofix again so I can see where we are at

Harry

[Americano]

Hi Harry,

Things already seem much better round here!!

Here is the combofix log

ComboFix 08-02.05.3 - matthew 2008-02-10 21:26:38.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1408 [GMT 0:00]
Running from: C:\Documents and Settings\matthew\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 17:37 . 2008-02-10 17:37 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-10 17:37 . 2008-02-10 17:37 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-10 17:25 . 2006-03-21 20:56 1,522,688 --a------ C:\ati2mtag.sys
2008-02-10 17:21 . 2008-02-10 17:21 10 --a------ C:\WINDOWS\WININIT.INI
2008-02-10 17:19 . 2008-02-10 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-10 17:13 . 2008-02-10 17:13 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-10 17:13 . 2008-02-10 17:09 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-02-10 17:13 . 2008-02-10 17:09 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-02-10 17:04 . 2008-02-10 17:07 <DIR> d-------- C:\WINDOWS\system32\PAV
2008-02-10 17:04 . 2008-02-10 17:04 <DIR> d-------- C:\Program Files\Panda Security
2008-02-10 17:04 . 2007-09-28 13:24 83,896 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-02-10 17:04 . 2007-03-15 18:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-02-10 17:04 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2008-02-10 17:04 . 2008-02-10 17:04 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-02-10 16:46 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-10 16:46 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-10 16:46 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-10 16:46 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-10 16:46 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-10 16:46 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-10 16:46 . 2008-02-10 16:46 746 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-10 16:21 . 2008-02-10 16:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-09 23:07 . 2004-08-10 19:00 388,608 --a------ C:\kmd.exe
2008-02-06 12:35 . 2008-02-06 12:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 12:31 . 2008-02-06 12:31 <DIR> d-------- C:\Deckard
2008-01-29 16:04 . 2008-01-29 16:04 <DIR> d-------- C:\Program Files\Motive
2008-01-29 16:04 . 2008-01-29 16:07 <DIR> d-------- C:\Program Files\BT Total Broadband 220V
2008-01-29 14:42 . 2008-01-29 15:44 <DIR> d-------- C:\Program Files\Motive(2)
2008-01-26 17:19 . 2008-01-26 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-26 14:08 . 2008-02-10 17:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 14:08 . 2008-02-10 17:52 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\SUPERAntiSpyware.com
2008-01-26 14:08 . 2008-01-26 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 11:42 . 2008-01-26 11:42 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Grisoft
2008-01-26 11:42 . 2008-01-26 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-21 19:27 . 2008-01-21 19:27 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Windows Live Writer
2008-01-19 20:18 . 2008-01-19 20:23 88 --a------ C:\WINDOWS\cdplayer.ini
2008-01-19 20:17 . 2008-01-19 20:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 20:17 . 2008-01-19 20:17 <DIR> d-------- C:\Documents and Settings\matthew\Application Data\Talkback
2008-01-19 18:52 . 2008-01-19 18:52 <DIR> d-------- C:\Program Files\iPod
2008-01-14 20:23 . 2008-01-14 20:23 <DIR> d-------- C:\Program Files\third flap bash
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 13:05 . 2008-01-10 13:05 586,240 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 17:20 --------- d-----w C:\Program Files\Google
2008-02-10 17:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 17:41 --------- d-----w C:\Documents and Settings\matthew\Application Data\Yahoo!
2008-01-29 16:05 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-29 16:04 --------- d-----w C:\Program Files\BT Home Hub
2008-01-21 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 20:17 --------- d-----w C:\Program Files\Real
2008-01-19 20:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-19 18:52 --------- d-----w C:\Program Files\iTunes
2008-01-19 18:51 --------- d-----w C:\Program Files\QuickTime
2008-01-14 20:24 --------- d-----w C:\Documents and Settings\matthew\Application Data\third flap bash
2008-01-14 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Software rule flag owns
2007-12-30 22:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-30 12:57 --------- d-----w C:\Program Files\Symantec
2007-12-30 11:27 --------- d-----w C:\Program Files\Alwil Software
2007-12-29 14:11 6,880 ----a-w C:\Documents and Settings\matthew\Application Data\wklnhst.dat
2007-12-26 16:16 --------- d-----w C:\Documents and Settings\matty's\Application Data\Teleca
2007-12-26 16:15 --------- d-----w C:\Documents and Settings\matty's\Application Data\PC Suite
2007-12-26 16:14 --------- d-----w C:\Documents and Settings\matty's\Application Data\Sony Ericsson
2007-12-26 15:24 --------- d-----w C:\Documents and Settings\matthew\Application Data\LimeWire
2007-12-26 15:23 --------- d-----w C:\Documents and Settings\matthew\Application Data\Nokia
2007-12-26 15:12 --------- d-----w C:\Documents and Settings\matthew\Application Data\PC Suite
2007-12-26 15:05 --------- d-----w C:\Documents and Settings\matthew\Application Data\Nokia Multimedia Player
2007-12-26 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-26 14:24 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-26 14:24 --------- d-----w C:\Program Files\Nokia
2007-12-26 14:24 --------- d-----w C:\Program Files\DIFX
2007-12-26 14:24 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-12-26 14:24 --------- d-----w C:\Program Files\Common Files\Nokia
2007-12-25 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-25 21:06 --------- d-----w C:\Documents and Settings\matthew\Application Data\Teleca
2007-12-25 11:35 --------- d-----w C:\Documents and Settings\matthew\Application Data\Sony Ericsson
2007-12-25 11:24 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-25 11:24 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-12-25 11:24 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2007-12-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-25 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-19 11:45 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 11:45 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-19 11:45 --------- d-----w C:\Program Files\Circle Developement
2007-12-12 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-06-16 07:49 128 ----a-w C:\Documents and Settings\matty's\Application Data\wklnhst.dat
2006-05-13 15:12 430 ----a-w C:\Documents and Settings\fiona\Application Data\wklnhst.dat
2003-08-27 21:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
2006-07-28 13:04 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-10 17:19 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 19:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FreeventsSchedule.lnk - C:\Freevents\FreeventsSchedule.exe [2006-01-13 12:13:40 16384]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-10 17:19:52 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Demo.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Demo.lnk
backup=C:\WINDOWS\pss\AOL Demo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Help.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FreeventsSchedule.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FreeventsSchedule.lnk
backup=C:\WINDOWS\pss\FreeventsSchedule.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^matthew^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\matthew\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup
--a------ 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-10-08 02:50 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2007-01-10 11:06 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTAgile]
--a------ 2007-06-18 08:39 61440 C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
--a------ 2005-12-29 10:22 543232 C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMaestro]
--------- 2005-02-21 05:53 245760 C:\Program Files\KMaestro\KMaestro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbkyhrsfxi]
C:\WINDOWS\system32\cmdbkyhrsfxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 19:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 14:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flag Owns Live Grim]
--a------ 2008-02-10 16:10 1423872 C:\Documents and Settings\All Users\Application Data\Software rule flag owns\ooze long.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Frontier]
--a------ 2007-06-18 08:36 12394496 C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-17 13:21 50736 C:\Program Files\Common Files\AOL\1176579861\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-01-26 09:47 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFPrintServer]
--a------ 2005-04-05 02:37 65536 C:\Program Files\Companion Suite IH\MFPrintServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MFServices]
--a------ 2005-04-05 02:29 159744 C:\Program Files\Companion Suite IH\MFServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2004-12-09 12:02 421888 C:\PROGRA~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2007-06-19 10:17 1241088 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
--a------ 2005-04-05 03:24 122880 C:\PROGRA~1\COMPAN~2\ONETOU~3.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\popeq]
--a------ 2008-01-14 20:22 456704 C:\DOCUME~1\matthew\APPLIC~1\THIRDF~1\waitgreat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
--a------ 2005-07-08 16:01 1953887 C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-ra------ 2003-08-27 21:20 94208 C:\WINDOWS\SM1BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-20 13:42 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 10:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 09:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 02:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TGX2_VFD]
--a------ 2004-12-01 13:12 233472 C:\WINDOWS\system32\TGVFDMsgservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-19 20:16 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-31 17:11 2478080 C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

R1 CXAVSAUD;Conexant 2388x Audio Capture;C:\WINDOWS\system32\DRIVERS\cxavsaud.sys [2005-10-25 01:56]
R1 mfxnt;mfxnt;C:\WINDOWS\system32\drivers\mfxnt.sys [2005-04-05 01:31]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-02-10 17:09]
R2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2005-10-28 02:43]
R2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-11-14 03:19]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-02-10 17:09]
R3 CXAVSTS;Conexant 2388x AVStream TS Capture;C:\WINDOWS\system32\drivers\cxavsts.sys [2005-10-25 01:56]
R3 CXAVXBAR;Conexant 2388x AVStream Crossbar;C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-10-25 01:56]
R3 CXBDATUNE;Conexant BDA DVB Tuner/Demod;C:\WINDOWS\system32\drivers\cxBDAtun.sys [2005-10-25 01:56]
R3 TGX263;TriGem X2 Device Driver;C:\WINDOWS\system32\Drivers\TGX263.sys [2004-11-03 14:16]
S3 HttpUsb;XML interface;C:\WINDOWS\system32\Drivers\HttpUsb.sys [2005-04-05 01:31]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
S3 sgbx_device;sgbx_device;C:\WINDOWS\system32\sgbxcoms.exe [2005-04-05 01:14]
S3 UsbItf;MF F@X activities;C:\WINDOWS\system32\Drivers\UsbItf.sys [2005-04-05 01:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 21:00:00 C:\WINDOWS\Tasks\B4082258918FCBF4.job"
- c:\docume~1\matthew\applic~1\thirdf~1\Open Flaw Bleh.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 21:30:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\SYSTEM32\winlogon.exe
-> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-02-10 21:30:58
ComboFix-quarantined-files.txt 2008-02-10 21:30:56
ComboFix2.txt 2008-02-09 23:09:16
.
2008-01-29 18:26:48 --- E O F ---