Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My HijackThis log..... [RESOLVED]


  • This topic is locked This topic is locked

#1
xhyperballadx

xhyperballadx

    Member

  • Member
  • PipPip
  • 29 posts
I want to firstly apologise if I am not adhering to any of the rules before posting this. I really have NO IDEA what I'm doing. I read the 'read before posting' post and a lot of it didn't make sense.

I'm basically experiencing slowing down, program crashes, skipping audio.. all the good things..

Again, I'm really sorry if I should have sorted this myself somehow. But thank you for any help.
:)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:42, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Last.fm\LastFM.exe
C:\PROGRA~1\Motive\Common\MOTIVE~1.EXE
C:\Program Files\BT Broadband Desktop Help\bin\BTHelp.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE MINI T-CAM
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: mljihef - mljihef.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11834 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
xhyperballadx

xhyperballadx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thank you..

Here are the reports;
Kaspersky, main.txt, and extra.txt

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 11:05:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/02/2008
Kaspersky Anti-Virus database records: 556132
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 102737
Number of viruses found: 12
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 01:15:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11142007-021220.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\call1024.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\call2048.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\call256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\call512.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chat1024.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chat16384.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chat256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chat512.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chat8192.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chatmsg16384.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\index2.dat Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\user1024.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\user16384.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\user256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\user4096.dbb Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Skype\xhyperballadx\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Scott\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbdam Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbdao Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbeam Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbeao Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbm Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\fii.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\hp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Google\Google Desktop\96a14f89fd16\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Last.fm\Client\Last.fm.log Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Last.fm\Client\LastFmHelper.log Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Last.fm\collection.db Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{8B029EC1-01DC-49EB-BA2C-3505E7758B0E} Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\etilqs_dNXYUMKNF3SAhK3-journal Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\etilqs_FMeah5VueeI1XXq Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\flaAE3F.tmp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\~DF8015.tmp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Scott\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\UserData\index.dat Object is locked skipped
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe/WISE0007.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe WiseSFX: infected - 1 skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\4ZMLQXBA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.md skipped
C:\Program Files\ESET\infected\A1LAUTDA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Program Files\ESET\infected\ECM4EOCA.NQF Infected: not-a-virus:AdWare.Win32.PurityScan.ga skipped
C:\Program Files\ESET\infected\GZAY4DAA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.mh skipped
C:\Program Files\ESET\infected\IPKOFXAA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Program Files\ESET\infected\IPKOFXAA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\IPKOFXAA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\K41Z0TBA.NQF/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Program Files\ESET\infected\K41Z0TBA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\K41Z0TBA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\QKTNDOBA.NQF/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Program Files\ESET\infected\QKTNDOBA.NQF/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\ESET\infected\QKTNDOBA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\QKTNDOBA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\SEIPCEAA.NQF/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\ESET\infected\SEIPCEAA.NQF/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\ESET\infected\SEIPCEAA.NQF/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Program Files\ESET\infected\SEIPCEAA.NQF NSIS: infected - 3 skipped
C:\Program Files\ESET\infected\SEIPCEAA.NQF PE-Crypt.XorPE: infected - 3 skipped
C:\Program Files\ESET\infected\TVNLSPDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.md skipped
C:\Program Files\ESET\infected\UPOWDRDA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.md skipped
C:\Program Files\ESET\infected\UQSSCGCA.NQF Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\Program Files\ESET\infected\VJM5K2AA.NQF Infected: Trojan.Win32.Agent.bnx skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP251\A0041724.exe/webcontrol/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.g skipped
C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP251\A0041724.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{1D66B0B6-AF06-40DB-BDC4-5E827C43D6E6}\RP264\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Motive\btbb\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\WINDOWS\Motive\btbb\UninstallHelper.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped
C:\WINDOWS\Motive\btbb\UninstallHelper.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Deckard's System Scanner v20071014.68
Run by Scott on 2008-02-10 23:07:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
80: 2008-02-10 23:07:58 UTC - RP265 - Deckard's System Scanner Restore Point
79: 2008-02-10 17:51:43 UTC - RP264 - System Checkpoint
78: 2008-02-09 15:05:34 UTC - RP263 - System Checkpoint
77: 2008-02-08 14:06:52 UTC - RP262 - Software Distribution Service 3.0
76: 2008-02-07 09:03:39 UTC - RP261 - System Checkpoint


-- First Restore Point --
1: 2007-11-13 21:04:03 UTC - RP186 - Restore Operation


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.61 GiB (less than 15%) free.


-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:30, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Scott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE MINI T-CAM
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: mljihef - mljihef.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11891 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>
R3 ZSMC301b (MINI T-CAM) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >

S2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
S3 catchme - c:\docume~1\scott\locals~1\temp\catchme.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys (file missing)
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TAPPSRV (TOSHIBA Application Service) - "c:\program files\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>
S4 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
S4 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
S4 Wireless Adapter Configurator - c:\program files\bt home hub\wireless configuration\wirelessdaemon.exe <Not Verified; Tech Mahindra- PUNE; MBT- PUNE WirelessDaemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-10 22:58:05 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-02-10 03:30:00 426 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2008-02-09 02:20:00 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-08 17:17:11 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 21:02:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-10 21:02:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-10 21:02:02 0 d-------- C:\WINDOWS\LastGood
2008-02-06 22:46:25 0 d-------- C:\Program Files\Trend Micro
2008-02-06 19:02:57 0 d-------- C:\Documents and Settings\Scott\Application Data\Smart PC Solutions
2008-02-06 19:02:49 0 d-------- C:\Program Files\Smart PC Solutions
2008-02-02 20:12:38 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-02 20:12:38 0 d-------- C:\Documents and Settings\Scott\Application Data\Vso
2008-02-02 20:12:38 47360 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-02 20:12:34 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-02-02 20:12:34 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-02-02 20:12:34 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-02-02 20:12:31 0 d-------- C:\Program Files\VSO
2008-01-22 16:51:24 0 d-------- C:\Program Files\VideoLAN
2008-01-16 22:02:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-01-15 21:29:02 0 d-------- C:\Program Files\PeerGuardian2


-- Find3M Report ---------------------------------------------------------------

2008-02-10 22:15:13 0 d-------- C:\Documents and Settings\Scott\Application Data\Skype
2008-02-10 18:24:09 0 d-------- C:\Documents and Settings\Scott\Application Data\uTorrent
2008-02-08 15:00:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-02-06 22:10:32 20880 --a------ C:\Program Files\HIJACKTHIS_V2[1].EXE-28CCDFB7.pf
2008-02-04 00:58:52 4646 --a------ C:\Documents and Settings\Scott\Application Data\wklnhst.dat
2008-02-02 20:12:55 34 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.log
2008-02-02 20:12:38 1144 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.inf
2008-02-02 20:12:38 7887 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.cat
2008-02-02 20:05:44 0 d-------- C:\Documents and Settings\Scott\Application Data\Adobe
2008-01-23 12:40:51 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-23 12:38:08 0 d-------- C:\Program Files\NCH Swift Sound
2008-01-23 12:36:46 0 d-------- C:\Program Files\Google
2008-01-16 22:00:04 0 d-------- C:\Program Files\Last.fm
2008-01-06 00:03:30 0 d-------- C:\Program Files\uTorrent
2007-12-30 00:41:08 0 d-------- C:\Program Files\DivX
2007-12-27 21:23:31 0 d-------- C:\Documents and Settings\Scott\Application Data\Yahoo!
2007-12-21 22:46:23 0 d-------- C:\Program Files\NCH Software
2007-12-15 03:03:31 0 d-------- C:\Documents and Settings\Scott\Application Data\Ableton
2007-12-15 03:03:28 0 d-------- C:\Program Files\Ableton


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/12/2005 23:32]
"RTHDCPL"="RTHDCPL.EXE" [09/12/2005 22:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [15/10/2005 13:29 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [05/01/2006 14:02]
"TPSMain"="TPSMain.exe" [03/08/2005 14:26 C:\WINDOWS\system32\TPSMain.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [30/11/2005 12:25]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [12/05/2005 10:31]
"TDispVol"="TDispVol.exe" [11/03/2005 15:03 C:\WINDOWS\system32\TDispVol.exe]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [21/07/2006 16:19]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [09/06/2004 08:37]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [26/05/2007 19:21]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [25/08/2007 00:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30/08/2007 08:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [11/05/2005 01:46]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [08/02/2007 22:52]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [11/04/2005 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" [31/07/2006 20:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/08/2007 21:53]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [22/08/2007 23:19]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [16/01/2008 22:00:01]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [17/03/2005 14:06:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [21/08/2007 21:53:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljihef]
mljihef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EvtEng"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"CFSvcs"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]
AutoRun\command- browser.exe

*Newly Created Service* - ERASERUTILDRV10741



-- End of Deckard's System Scanner: finished at 2008-02-10 23:11:11 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1021.98 MiB / 522.24 MiB
Pagefile Memory (total/avail): 2464.52 MiB / 1710.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.67 MiB

C: is Fixed (NTFS) - 93.16 GiB total, 6.61 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH PL - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.16 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Scott\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOSHIBA-A225
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Scott
LOGONSERVER=\\TOSHIBA-A225
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
TMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
USERDOMAIN=TOSHIBA-A225
USERNAME=Scott
USERPROFILE=C:\Documents and Settings\Scott
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Scott (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Motive\btbb\UninstallHelper.exe
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint --> MsiEx
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O20 - Winlogon Notify: mljihef - mljihef.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe



Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{449b00d2-868a-11da-a583-00a0d1df1b4d}]


Then double click on the fix.reg file, when it prompts to merge click "Yes".



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Reboot and post a new DSS log
  • 0

#5
xhyperballadx

xhyperballadx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello, the logs are as follows;


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/11/2008 at 09:01 PM

Application Version : 3.9.1008

Core Rules Database Version : 3399
Trace Rules Database Version: 1391

Scan type : Complete Scan
Total Scan Time : 02:38:47

Memory items scanned : 485
Memory threats detected : 0
Registry items scanned : 5110
Registry threats detected : 0
File items scanned : 99277
File threats detected : 210

Adware.Tracking Cookie
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][3].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][4].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][10].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][3].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected]
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][3].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][3].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
C:\Documents and Settings\Scott\Cookies\[email protected][1].txt

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP










Deckard's System Scanner v20071014.68
Run by Scott on 2008-02-11 21:53:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 6.47 GiB (less than 15%) free.


-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:05, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Scott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bjork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE MINI T-CAM
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15028/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11884 bytes

-- Files created between 2008-01-11 and 2008-02-11 -----------------------------

2008-02-11 18:14:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-11 18:14:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-11 18:14:41 0 d-------- C:\Documents and Settings\Scott\Application Data\SUPERAntiSpyware.com
2008-02-10 21:02:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-10 21:02:04 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-06 22:46:25 0 d-------- C:\Program Files\Trend Micro
2008-02-06 19:02:57 0 d-------- C:\Documents and Settings\Scott\Application Data\Smart PC Solutions
2008-02-06 19:02:49 0 d-------- C:\Program Files\Smart PC Solutions
2008-02-02 20:12:38 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-02 20:12:38 0 d-------- C:\Documents and Settings\Scott\Application Data\Vso
2008-02-02 20:12:38 47360 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-02-02 20:12:34 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-02-02 20:12:34 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-02-02 20:12:34 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-02-02 20:12:31 0 d-------- C:\Program Files\VSO
2008-01-22 16:51:24 0 d-------- C:\Program Files\VideoLAN
2008-01-16 22:02:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-01-15 21:29:02 0 d-------- C:\Program Files\PeerGuardian2


-- Find3M Report ---------------------------------------------------------------

2008-02-11 18:14:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-11 06:15:12 0 d-------- C:\Documents and Settings\Scott\Application Data\Skype
2008-02-10 18:24:09 0 d-------- C:\Documents and Settings\Scott\Application Data\uTorrent
2008-02-08 15:00:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-08 15:00:01 0 d-------- C:\Program Files\Norton Security Scan
2008-02-06 22:10:32 20880 --a------ C:\Program Files\HIJACKTHIS_V2[1].EXE-28CCDFB7.pf
2008-02-04 00:58:52 4646 --a------ C:\Documents and Settings\Scott\Application Data\wklnhst.dat
2008-02-02 20:12:55 34 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.log
2008-02-02 20:12:38 1144 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.inf
2008-02-02 20:12:38 7887 --a------ C:\Documents and Settings\Scott\Application Data\pcouffin.cat
2008-02-02 20:05:44 0 d-------- C:\Documents and Settings\Scott\Application Data\Adobe
2008-01-23 12:40:51 0 d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-23 12:38:08 0 d-------- C:\Program Files\NCH Swift Sound
2008-01-23 12:36:46 0 d-------- C:\Program Files\Google
2008-01-16 22:00:04 0 d-------- C:\Program Files\Last.fm
2008-01-06 00:03:30 0 d-------- C:\Program Files\uTorrent
2007-12-30 00:41:08 0 d-------- C:\Program Files\DivX
2007-12-27 21:23:31 0 d-------- C:\Documents and Settings\Scott\Application Data\Yahoo!
2007-12-21 22:46:23 0 d-------- C:\Program Files\NCH Software
2007-12-15 03:03:31 0 d-------- C:\Documents and Settings\Scott\Application Data\Ableton
2007-12-15 03:03:28 0 d-------- C:\Program Files\Ableton


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/12/2005 23:32]
"RTHDCPL"="RTHDCPL.EXE" [09/12/2005 22:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [15/10/2005 13:29 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [05/01/2006 14:02]
"TPSMain"="TPSMain.exe" [03/08/2005 14:26 C:\WINDOWS\system32\TPSMain.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [30/11/2005 12:25]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [12/05/2005 10:31]
"TDispVol"="TDispVol.exe" [11/03/2005 15:03 C:\WINDOWS\system32\TDispVol.exe]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [21/07/2006 16:19]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [09/06/2004 08:37]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [26/05/2007 19:21]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [25/08/2007 00:56]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30/08/2007 08:47]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [11/05/2005 01:46]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [08/02/2007 22:52]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 09:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [11/04/2005 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" [31/07/2006 20:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/08/2007 21:53]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [22/08/2007 23:19]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]

C:\Documents and Settings\Scott\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [16/01/2008 22:00:01]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [17/03/2005 14:06:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [21/08/2007 21:53:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk
backup=C:\WINDOWS\pss\BT Broadband Desktop Help.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EvtEng"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"CFSvcs"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-02-11 21:53:24 ------------
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

You can delete the tools that we used


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#7
xhyperballadx

xhyperballadx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OK...
I have done all of these now.
I had to do a few things twice.
I did all of the actions, but when it came to restart, 'Dr Watson's Debugger' would crash and freeze the PC.

So,
I went back to the restore point, removed Dr.Watson from my laptop (I looked for advice on this..I hope it wasn't a bad move.. :) ) and repeated the actions again.

I now have everything set up and good to go.

However, I still experience some audio skipping. Should I put this down to having too many folders in my Music, suck it up and delete some of it?

Thank you so much, so far. :)
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I have no idea about your music, impossible to tell really. You may have two many programs running on startup.

Any more questions ?
  • 0

#9
xhyperballadx

xhyperballadx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok.
One last one..
Sometimes now, I'm getting a box when I try to open programs saying;

'The instruction at "0x66006041" referenced memory at "0x66006041". The memory could not be "read". Click OK to terminate the program.
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Not sure about that, maybe ask in the Windows XP forum about that and the music problem

It isn't malware related anyway
  • 0

#11
xhyperballadx

xhyperballadx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok.
Thanks for your help with everything.

:)
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP